Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-30632 (GCVE-0-2022-30632)
Vulnerability from cvelistv5 – Published: 2022-08-09 20:15 – Updated: 2024-08-03 06:56
VLAI
EPSS
Title
Stack exhaustion on crafted paths in path/filepath
Summary
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
Severity
No CVSS data available.
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | path/filepath |
Affected:
0 , < 1.17.12
(semver)
Affected: 1.18.0-0 , < 1.18.4 (semver) |
Credits
Juho Nurminen of Mattermost
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/417066"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/53416"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2022-0522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "path/filepath",
"product": "path/filepath",
"programRoutines": [
{
"name": "Glob"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.17.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.18.4",
"status": "affected",
"version": "1.18.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juho Nurminen of Mattermost"
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T19:04:36.688Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/417066"
},
{
"url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef"
},
{
"url": "https://go.dev/issue/53416"
},
{
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-0522"
}
],
"title": "Stack exhaustion on crafted paths in path/filepath"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-30632",
"datePublished": "2022-08-09T20:15:37.000Z",
"dateReserved": "2022-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:56:13.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-30632",
"date": "2026-05-29",
"epss": "0.00096",
"percentile": "0.26466"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-30632\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2022-08-10T20:15:41.877\",\"lastModified\":\"2024-11-21T07:03:04.097\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.\"},{\"lang\":\"es\",\"value\":\"Una recursi\u00f3n no controlada en Glob en path/filepath versiones anteriores a Go 1.17.12 y Go 1.18.4, permite a un atacante causar un p\u00e1nico debido al agotamiento de la pila por medio de una ruta que contenga un gran n\u00famero de separadores de ruta\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.12\",\"matchCriteriaId\":\"646881F6-A299-4D92-A1F3-E95959FA426F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.18.0\",\"versionEndExcluding\":\"1.18.4\",\"matchCriteriaId\":\"FE088A2D-7894-4A48-887C-36DD727A7BEB\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/417066\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/53416\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2022-0522\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/417066\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://go.dev/issue/53416\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2022-0522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
RHSA-2022:7648
Vulnerability from csaf_redhat - Published: 2022-11-08 09:46 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: grafana-pcp security update
Severity
Moderate
Notes
Topic: An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
Security Fix(es):
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7648",
"url": "https://access.redhat.com/errata/RHSA-2022:7648"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7648.json"
}
],
"title": "Red Hat Security Advisory: grafana-pcp security update",
"tracking": {
"current_release_date": "2026-05-30T08:31:00+00:00",
"generator": {
"date": "2026-05-30T08:31:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:7648",
"initial_release_date": "2022-11-08T09:46:12+00:00",
"revision_history": [
{
"date": "2022-11-08T09:46:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-08T09:46:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-2.el8.src",
"product": {
"name": "grafana-pcp-0:3.2.0-2.el8.src",
"product_id": "grafana-pcp-0:3.2.0-2.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-2.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-2.el8.aarch64",
"product": {
"name": "grafana-pcp-0:3.2.0-2.el8.aarch64",
"product_id": "grafana-pcp-0:3.2.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-2.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"product": {
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"product_id": "grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-2.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-2.el8.ppc64le",
"product": {
"name": "grafana-pcp-0:3.2.0-2.el8.ppc64le",
"product_id": "grafana-pcp-0:3.2.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-2.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"product": {
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"product_id": "grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-2.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-2.el8.x86_64",
"product": {
"name": "grafana-pcp-0:3.2.0-2.el8.x86_64",
"product_id": "grafana-pcp-0:3.2.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-2.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64",
"product": {
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64",
"product_id": "grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-2.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-2.el8.s390x",
"product": {
"name": "grafana-pcp-0:3.2.0-2.el8.s390x",
"product_id": "grafana-pcp-0:3.2.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-2.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"product": {
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"product_id": "grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-2.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-2.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64"
},
"product_reference": "grafana-pcp-0:3.2.0-2.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-2.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le"
},
"product_reference": "grafana-pcp-0:3.2.0-2.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-2.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x"
},
"product_reference": "grafana-pcp-0:3.2.0-2.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-2.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src"
},
"product_reference": "grafana-pcp-0:3.2.0-2.el8.src",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-2.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64"
},
"product_reference": "grafana-pcp-0:3.2.0-2.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64"
},
"product_reference": "grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le"
},
"product_reference": "grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x"
},
"product_reference": "grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
},
"product_reference": "grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T09:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T09:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T09:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T09:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T09:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T09:46:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7648"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.src",
"AppStream-8.7.0.GA:grafana-pcp-0:3.2.0-2.el8.x86_64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.aarch64",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.ppc64le",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.s390x",
"AppStream-8.7.0.GA:grafana-pcp-debuginfo-0:3.2.0-2.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
RHSA-2022:8057
Vulnerability from csaf_redhat - Published: 2022-11-15 10:31 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: grafana security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
The following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)
Security Fix(es):
* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* grafana: XSS vulnerability in data source handling (CVE-2022-21702)
* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)
* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.
5.4 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.
4.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.
6.8 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.
6.8 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).
4.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.3 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
99 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nThe following packages have been upgraded to a later upstream version: grafana (7.5.15). (BZ#2055349)\n\nSecurity Fix(es):\n\n* sanitize-url: XSS due to improper sanitization in sanitizeUrl function (CVE-2021-23648)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* grafana: XSS vulnerability in data source handling (CVE-2022-21702)\n\n* grafana: CSRF vulnerability can lead to privilege escalation (CVE-2022-21703)\n\n* grafana: IDOR vulnerability can lead to information disclosure (CVE-2022-21713)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8057",
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "2044628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2050648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648"
},
{
"category": "external",
"summary": "2050742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742"
},
{
"category": "external",
"summary": "2050743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743"
},
{
"category": "external",
"summary": "2055349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055349"
},
{
"category": "external",
"summary": "2065290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290"
},
{
"category": "external",
"summary": "2104367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104367"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8057.json"
}
],
"title": "Red Hat Security Advisory: grafana security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-30T08:31:01+00:00",
"generator": {
"date": "2026-05-30T08:31:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:8057",
"initial_release_date": "2022-11-15T10:31:43+00:00",
"revision_history": [
{
"date": "2022-11-15T10:31:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T10:31:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.src",
"product": {
"name": "grafana-0:7.5.15-3.el9.src",
"product_id": "grafana-0:7.5.15-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.aarch64",
"product": {
"name": "grafana-0:7.5.15-3.el9.aarch64",
"product_id": "grafana-0:7.5.15-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"product_id": "grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.ppc64le",
"product": {
"name": "grafana-0:7.5.15-3.el9.ppc64le",
"product_id": "grafana-0:7.5.15-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"product_id": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.x86_64",
"product": {
"name": "grafana-0:7.5.15-3.el9.x86_64",
"product_id": "grafana-0:7.5.15-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64",
"product_id": "grafana-debuginfo-0:7.5.15-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:7.5.15-3.el9.s390x",
"product": {
"name": "grafana-0:7.5.15-3.el9.s390x",
"product_id": "grafana-0:7.5.15-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@7.5.15-3.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:7.5.15-3.el9.s390x",
"product": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.s390x",
"product_id": "grafana-debuginfo-0:7.5.15-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@7.5.15-3.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64"
},
"product_reference": "grafana-0:7.5.15-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le"
},
"product_reference": "grafana-0:7.5.15-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x"
},
"product_reference": "grafana-0:7.5.15-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src"
},
"product_reference": "grafana-0:7.5.15-3.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64"
},
"product_reference": "grafana-0:7.5.15-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:7.5.15-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
},
"product_reference": "grafana-debuginfo-0:7.5.15-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23648",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-03-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2065290"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23648"
},
{
"category": "external",
"summary": "RHBZ#2065290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065290"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23648"
},
{
"category": "external",
"summary": "https://github.com/braintree/sanitize-url/pull/40",
"url": "https://github.com/braintree/sanitize-url/pull/40"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882",
"url": "https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882"
}
],
"release_date": "2022-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "sanitize-url: XSS due to improper sanitization in sanitizeUrl function"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-21673",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044628"
}
],
"notes": [
{
"category": "description",
"text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Forward OAuth Identity Token can allow users to access some data sources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21673"
},
{
"category": "external",
"summary": "RHBZ#2044628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/",
"url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/"
}
],
"release_date": "2022-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: Forward OAuth Identity Token can allow users to access some data sources"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-21702",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050648"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site scripting (XSS) vulnerability was found in the way Grafana handles data sources. This flaw allows an attacker to serve HTML content through the Grafana data source or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site scripting (XSS) attack. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: XSS vulnerability in data source handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21702"
},
{
"category": "external",
"summary": "RHBZ#2050648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050648"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21702"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21702"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "workaround",
"details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: XSS vulnerability in data source handling"
},
{
"cve": "CVE-2022-21703",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050742"
}
],
"notes": [
{
"category": "description",
"text": "A Cross-site request forgery (CSRF) vulnerability was found in Grafana. This flaw allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, editors or admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: CSRF vulnerability can lead to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21703"
},
{
"category": "external",
"summary": "RHBZ#2050742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050742"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21703"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21703"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-cmf4-h3xc-jw8w"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "workaround",
"details": "Please refer to the Grafana upstream advisory for possible workarounds for this issue.",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: CSRF vulnerability can lead to privilege escalation"
},
{
"cve": "CVE-2022-21713",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050743"
}
],
"notes": [
{
"category": "description",
"text": "An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the `/teams/:teamId`, `/teams/:search`, `/teams/:teamId/members` API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for teams and see the total number of available teams (including teams that the user does not have access to).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: IDOR vulnerability can lead to information disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21713"
},
{
"category": "external",
"summary": "RHBZ#2050743",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050743"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21713"
},
{
"category": "external",
"summary": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-63g3-9jq3-mccv"
},
{
"category": "external",
"summary": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/",
"url": "https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/"
}
],
"release_date": "2022-02-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "grafana: IDOR vulnerability can lead to information disclosure"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T10:31:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8057"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.src",
"AppStream-9.1.0.GA:grafana-0:7.5.15-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-debuginfo-0:7.5.15-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
RHSA-2022:8098
Vulnerability from csaf_redhat - Published: 2022-11-15 15:12 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: toolbox security and bug fix update
Severity
Moderate
Notes
Topic: An update for toolbox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.
Security Fix(es):
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for toolbox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8098",
"url": "https://access.redhat.com/errata/RHSA-2022:8098"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "2089194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089194"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8098.json"
}
],
"title": "Red Hat Security Advisory: toolbox security and bug fix update",
"tracking": {
"current_release_date": "2026-05-30T08:31:01+00:00",
"generator": {
"date": "2026-05-30T08:31:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:8098",
"initial_release_date": "2022-11-15T15:12:42+00:00",
"revision_history": [
{
"date": "2022-11-15T15:12:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T15:12:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-5.el9.src",
"product": {
"name": "toolbox-0:0.0.99.3-5.el9.src",
"product_id": "toolbox-0:0.0.99.3-5.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-5.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-5.el9.aarch64",
"product": {
"name": "toolbox-0:0.0.99.3-5.el9.aarch64",
"product_id": "toolbox-0:0.0.99.3-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"product_id": "toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"product_id": "toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-5.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-5.el9.ppc64le",
"product": {
"name": "toolbox-0:0.0.99.3-5.el9.ppc64le",
"product_id": "toolbox-0:0.0.99.3-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"product": {
"name": "toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"product_id": "toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"product_id": "toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"product_id": "toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-5.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-5.el9.x86_64",
"product": {
"name": "toolbox-0:0.0.99.3-5.el9.x86_64",
"product_id": "toolbox-0:0.0.99.3-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-5.el9.x86_64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-5.el9.x86_64",
"product_id": "toolbox-tests-0:0.0.99.3-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"product_id": "toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-5.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-5.el9.s390x",
"product": {
"name": "toolbox-0:0.0.99.3-5.el9.s390x",
"product_id": "toolbox-0:0.0.99.3-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-5.el9.s390x",
"product": {
"name": "toolbox-tests-0:0.0.99.3-5.el9.s390x",
"product_id": "toolbox-tests-0:0.0.99.3-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"product_id": "toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"product_id": "toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-5.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64"
},
"product_reference": "toolbox-0:0.0.99.3-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le"
},
"product_reference": "toolbox-0:0.0.99.3-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x"
},
"product_reference": "toolbox-0:0.0.99.3-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-5.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src"
},
"product_reference": "toolbox-0:0.0.99.3-5.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64"
},
"product_reference": "toolbox-0:0.0.99.3-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le"
},
"product_reference": "toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x"
},
"product_reference": "toolbox-tests-0:0.0.99.3-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:12:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8098"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:12:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8098"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:12:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8098"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:12:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8098"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.src",
"AppStream-9.1.0.GA:toolbox-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debuginfo-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-debugsource-0:0.0.99.3-5.el9.x86_64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.aarch64",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.ppc64le",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.s390x",
"AppStream-9.1.0.GA:toolbox-tests-0:0.0.99.3-5.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
}
]
}
RHSA-2022:8250
Vulnerability from csaf_redhat - Published: 2022-11-15 15:16 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: grafana-pcp security update
Severity
Moderate
Notes
Topic: An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.
Security Fix(es):
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8250",
"url": "https://access.redhat.com/errata/RHSA-2022:8250"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8250.json"
}
],
"title": "Red Hat Security Advisory: grafana-pcp security update",
"tracking": {
"current_release_date": "2026-05-30T08:31:06+00:00",
"generator": {
"date": "2026-05-30T08:31:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2022:8250",
"initial_release_date": "2022-11-15T15:16:26+00:00",
"revision_history": [
{
"date": "2022-11-15T15:16:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T15:16:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-3.el9.src",
"product": {
"name": "grafana-pcp-0:3.2.0-3.el9.src",
"product_id": "grafana-pcp-0:3.2.0-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-3.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-3.el9.aarch64",
"product": {
"name": "grafana-pcp-0:3.2.0-3.el9.aarch64",
"product_id": "grafana-pcp-0:3.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-3.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"product": {
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"product_id": "grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-3.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-3.el9.ppc64le",
"product": {
"name": "grafana-pcp-0:3.2.0-3.el9.ppc64le",
"product_id": "grafana-pcp-0:3.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-3.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"product": {
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"product_id": "grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-3.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-3.el9.x86_64",
"product": {
"name": "grafana-pcp-0:3.2.0-3.el9.x86_64",
"product_id": "grafana-pcp-0:3.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-3.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64",
"product": {
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64",
"product_id": "grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-3.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:3.2.0-3.el9.s390x",
"product": {
"name": "grafana-pcp-0:3.2.0-3.el9.s390x",
"product_id": "grafana-pcp-0:3.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@3.2.0-3.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"product": {
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"product_id": "grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@3.2.0-3.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64"
},
"product_reference": "grafana-pcp-0:3.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le"
},
"product_reference": "grafana-pcp-0:3.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x"
},
"product_reference": "grafana-pcp-0:3.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src"
},
"product_reference": "grafana-pcp-0:3.2.0-3.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:3.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64"
},
"product_reference": "grafana-pcp-0:3.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64"
},
"product_reference": "grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le"
},
"product_reference": "grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x"
},
"product_reference": "grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
},
"product_reference": "grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:16:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:16:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:16:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:16:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:16:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T15:16:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8250"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.src",
"AppStream-9.1.0.GA:grafana-pcp-0:3.2.0-3.el9.x86_64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.aarch64",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.ppc64le",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.s390x",
"AppStream-9.1.0.GA:grafana-pcp-debuginfo-0:3.2.0-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
RHSA-2022:8634
Vulnerability from csaf_redhat - Published: 2022-11-28 02:51 - Updated: 2026-04-30 16:21Summary
Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update
Severity
Moderate
Notes
Topic: OpenShift API for Data Protection (OADP) 1.1.1 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Security Fix(es) from Bugzilla:
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang package. The JoinPath doesn't remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le | — |
Vendor Fix
fix
|
Known not affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x | — | ||
| Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 | — |
Threats
Impact
Moderate
References
55 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "OpenShift API for Data Protection (OADP) 1.1.1 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8634",
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "OADP-1002",
"url": "https://issues.redhat.com/browse/OADP-1002"
},
{
"category": "external",
"summary": "OADP-1016",
"url": "https://issues.redhat.com/browse/OADP-1016"
},
{
"category": "external",
"summary": "OADP-1020",
"url": "https://issues.redhat.com/browse/OADP-1020"
},
{
"category": "external",
"summary": "OADP-1027",
"url": "https://issues.redhat.com/browse/OADP-1027"
},
{
"category": "external",
"summary": "OADP-608",
"url": "https://issues.redhat.com/browse/OADP-608"
},
{
"category": "external",
"summary": "OADP-609",
"url": "https://issues.redhat.com/browse/OADP-609"
},
{
"category": "external",
"summary": "OADP-611",
"url": "https://issues.redhat.com/browse/OADP-611"
},
{
"category": "external",
"summary": "OADP-612",
"url": "https://issues.redhat.com/browse/OADP-612"
},
{
"category": "external",
"summary": "OADP-642",
"url": "https://issues.redhat.com/browse/OADP-642"
},
{
"category": "external",
"summary": "OADP-645",
"url": "https://issues.redhat.com/browse/OADP-645"
},
{
"category": "external",
"summary": "OADP-662",
"url": "https://issues.redhat.com/browse/OADP-662"
},
{
"category": "external",
"summary": "OADP-724",
"url": "https://issues.redhat.com/browse/OADP-724"
},
{
"category": "external",
"summary": "OADP-725",
"url": "https://issues.redhat.com/browse/OADP-725"
},
{
"category": "external",
"summary": "OADP-731",
"url": "https://issues.redhat.com/browse/OADP-731"
},
{
"category": "external",
"summary": "OADP-741",
"url": "https://issues.redhat.com/browse/OADP-741"
},
{
"category": "external",
"summary": "OADP-774",
"url": "https://issues.redhat.com/browse/OADP-774"
},
{
"category": "external",
"summary": "OADP-794",
"url": "https://issues.redhat.com/browse/OADP-794"
},
{
"category": "external",
"summary": "OADP-825",
"url": "https://issues.redhat.com/browse/OADP-825"
},
{
"category": "external",
"summary": "OADP-849",
"url": "https://issues.redhat.com/browse/OADP-849"
},
{
"category": "external",
"summary": "OADP-927",
"url": "https://issues.redhat.com/browse/OADP-927"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8634.json"
}
],
"title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update",
"tracking": {
"current_release_date": "2026-04-30T16:21:33+00:00",
"generator": {
"date": "2026-04-30T16:21:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2022:8634",
"initial_release_date": "2022-11-28T02:51:35+00:00",
"revision_history": [
{
"date": "2022-11-28T02:51:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-28T02:51:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:21:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-OADP-1.1",
"product": {
"name": "8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift API for Data Protection"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.1-27"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.1-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"product_id": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.1-41"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"product_id": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.1-22"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"product_id": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.1-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.1-23"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.1-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.1-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.1-26"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.1-27"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.1-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"product_id": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.1-41"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"product_id": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.1-22"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"product_id": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.1-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.1-23"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.1-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.1-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.1-26"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"product": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.1-27"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"product": {
"name": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"product_id": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.1-29"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"product": {
"name": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"product_id": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.1-41"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"product": {
"name": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"product_id": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.1-22"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"product": {
"name": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"product_id": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.1-20"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"product_id": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.1-23"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.1-17"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"product": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.1-16"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"product": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.1-18"
}
}
},
{
"category": "product_version",
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64",
"product": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64",
"product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.1-26"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64"
},
"product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x"
},
"product_reference": "oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64"
},
"product_reference": "oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x"
},
"product_reference": "oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x"
},
"product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x"
},
"product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
},
"product_reference": "oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"relates_to_product_reference": "8Base-OADP-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64 as a component of 8Base-OADP-1.1",
"product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
},
"product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64",
"relates_to_product_reference": "8Base-OADP-1.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27191",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064702"
}
],
"notes": [
{
"category": "description",
"text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crash in a golang.org/x/crypto/ssh server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "RHBZ#2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crash in a golang.org/x/crypto/ssh server"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32190",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. The JoinPath doesn\u0027t remove the ../ path components appended to a domain that is not terminated by a slash, possibly leading to a directory traversal attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: JoinPath does not strip relative path components in all circumstances",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerable functions, JoinPath and URL.JoinPath was introduced in upstream go1.19, whereas, RHEL ships go1.17 and go1.18 versions, which does not contain the vulnerable code. Hence, packages shipped with RHEL-8, RHEL-9 are not affected.\n\nAll Y stream releases of OpenShift Container Platform 4 run on RHEL-8 or RHEL-9, so OCP 4 is also not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"known_not_affected": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "RHBZ#2124668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32190"
},
{
"category": "external",
"summary": "https://go.dev/issue/54385",
"url": "https://go.dev/issue/54385"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-28T02:51:35+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:36c41473747952825632ab37ace5230d035eb2b22437db43abc100774373bfff_ppc64le",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:4aed79cea350c699ffa3cddda3ffd5e1f00d46436ed4de7057161237661ae523_s390x",
"8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:7a437c2304a2f8afe8116246ab7d984ea7bc474b075360ad25788eb20e418400_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2027f961b5eb33db40fba0d1037d3830b2e3a2de155ba37c03c0dd606a180b3e_ppc64le",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:bf295af188327b241546af2c4fda30b3915f76c8f05c7fadf1e120fafc95f276_amd64",
"8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:eef2e1f2def5cd097ef5631e9d0c9d80b0ce936a09a9f4daa74ce1d60a5c29bc_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7eeaaa04427752f4ba63e3abd02899fb35a1ae7d015e3fe239283c47864f1127_s390x",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a037c78586906aee892976a712c3b7225fd7ec20d520f55ae24a898ef5a86d30_ppc64le",
"8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a760acaf99548ee1782b665ce98ce7b6676eba294941e5b74c0d5a3ab5c5f9a3_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:a98b69c2bf5773a3527441ee44b51f27e50efb09fa73932e52598a6ba5a741eb_ppc64le",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:e7f8fb928593bf7504c195804bc1562cd3b9ffbc46bdb1d75e8e5c7558c76356_amd64",
"8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:f756510de309cab2b9420e075ece2643cfe79c4c5bfa7c90f58ed06feb78775f_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:419731ee8118ac762e4115064832e71f1cda13552c40b727fc20c81b244d22a9_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:96343511b8cfe3ad9df3f5a1e2c51d3302d32b7eeeb6ea1e4822c8a6856d2d51_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:d7e7da1afcae5bc8510ab5c23517d8d28f96e47340016729088781a958213c01_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:349cbb1106879f862cd42f9c9af280046d339a9eded40428178f7453986d5b5b_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a3880a08c92474cd0e9cb3034eeeb6b6c5b7045359c1a19c9f0f98a144737188_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:b55afe58cdee505d05180e88dfcc0f630dcfa19a2bbec72d256e1d4e79141b99_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:9c095c3294dc83493db05fabe9bfef46a161074c486cf0ad46019c5d621ba586_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:a0fa3599feb43cfdd415ded5c311a4796713429c700a7089da01dc3b420e706c_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:daa244bd00fd98d46d05bb4bcb562178d50d138c00329199872f8d9f7ecf4160_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:079cc03ce02b8da51600ef0f50c7b979177da3faa48643fda991e26cb2979700_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:4d91ec9565f8bace77481e04f821680b760cc58134dbbe7ebf184d1aeec828b4_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:b2a7d30f3d367cac2637116ac5e79533dc79149631ed280fb6132cc92a5ea7aa_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:0b2f1f61c2fe58d4c78d4c2fa14ed8f643cce686239143cfd179701ca13c25fe_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:38ea3d805ff8b1b940974d3e1df14b9626b7f9be2c1df5c828edba35db6713a0_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:50095681181e1e145fbfdf0ed3d7586a69890c07636fb0397a9f4694e6f589ef_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:98fc312123a0d08b628601f674443825e915a54a91e89cbe0c47d8473b7be0b8_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:bcd91152819872f1ce051cdb8dd10a166ca917a6f4a40c1645bcc43a45e475fa_ppc64le",
"8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:d7dfb48bcb7c385b5e403a161f9f75547191cbf9353d89655c49a49a507c3ff0_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:182617afd959e3848332d7ddf8e852c8bce783ebd20819dae709f62707a48553_amd64",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:378a1164f6a4b373ceb3324c4763f22a698f7ea011ee2cba695103666e6a5d09_s390x",
"8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:c1903bb813958cf463966e5373890f1100d20ea3b7acf7d29910c28d063b72be_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:38bd37201f9c134251fe9ce946983e825e147dfda261c1fd226c8a8b811eb856_ppc64le",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:b20119014cbac4f356bd44052ec827df4eab1422aa5ed3ba7b0e0aa67c5d08ab_s390x",
"8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:decf1467f5221c47d0e8926b0c603590393f630baa1973c8edae8494e2566dd4_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/url: JoinPath does not strip relative path components in all circumstances"
}
]
}
RHSA-2022:9047
Vulnerability from csaf_redhat - Published: 2022-12-15 01:57 - Updated: 2026-05-15 02:20Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update
Severity
Moderate
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.7.6 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient EntropyAffected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Vendor Fix
fix
|
Known not affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 | — |
Threats
Impact
Moderate
References
65 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.6 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:9047",
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2132957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132957"
},
{
"category": "external",
"summary": "2137304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137304"
},
{
"category": "external",
"summary": "2140208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140208"
},
{
"category": "external",
"summary": "2143628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143628"
},
{
"category": "external",
"summary": "2143872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143872"
},
{
"category": "external",
"summary": "2149920",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149920"
},
{
"category": "external",
"summary": "MIG-1240",
"url": "https://issues.redhat.com/browse/MIG-1240"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_9047.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-15T02:20:39+00:00",
"generator": {
"date": "2026-05-15T02:20:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:9047",
"initial_release_date": "2022-12-15T01:57:35+00:00",
"revision_history": [
{
"date": "2022-12-15T01:57:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-12-15T01:57:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:20:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.6-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.6-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.6-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.6-7"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.6-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.6-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.6-5"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-12-15T01:57:35+00:00",
"details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:9047"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:11ea9e0cd77425db46a682a146a841d8127129048db98bbb7bc456d55e1c0d6c_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:d1f78e4f37b414d5007c8e5711de3e95179612722a1c0dba5ab70d7a57b171b9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:dd304118410ab622dab252504a18245012155894c3f89fd74af1aeffce0d4b5b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:fa36a6123064aefa646293b919c58660905a5f05b61ef35c7c767b6f88e4949f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:fcbfc67d121d1d88f3ba16912f0920999c424ceab823cc9642a2f146ed103744_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:7b6879e9e14e5e7622635f3755aa002e438da06969fdcae7bc8b9f90ab3bb4fe_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:b46a79a60ef37106d34c5b54a65af27cf3953d367586718e80df6d4468238a2d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:0b36e9ff32de1e801ddd34ccad1ea0a17029e17d2b93d0ea512c08b5b8a7f012_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:7b02b5182ff57b9bfa5857aa9e4da5ce5218198228044765047a4e41df6702c1_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:2d5ca15f95a1c45e40e983328eb28584164499f70af901ad23fcd29fd3b6d800_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:951c384edd74377add1acd4590d9eceb30d147cb5f3042679e4c19d43b94e6c0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:c0685deaac37756a5f61923596086d9165199f7cf774a9a8719e15504ae2caee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:dc8c6f17710f9757b98411f7f3e5e45452878a69498b0efc6b6fac17a7521c32_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:441c6e0854078633d2ff13315db18965a96aa48dfe3cb843f74463a69f725f46_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:297eeba673e224cad38b069f2e63be1b863d148710f53ce605d062088c150a9d_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:1f4bad1258ebb47d8faec192a61af8926b4b46b0208fad1317c6d4434733c42e_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:b736ee68818e6e5193c8da383a7a2243dad4c8c198c4fb7370e856eaf0cf6714_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
RHSA-2023:0407
Vulnerability from csaf_redhat - Published: 2023-01-24 12:51 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update
Severity
Moderate
Notes
Topic: Updated release packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.0 RPMs.
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.3 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient EntropyAffected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
88 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated release packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\u00a0This advisory contains OpenShift Virtualization 4.12.0 RPMs.\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0407",
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "2089804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0407.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 RPMs security update",
"tracking": {
"current_release_date": "2026-05-30T08:31:03+00:00",
"generator": {
"date": "2026-05-30T08:31:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0407",
"initial_release_date": "2023-01-24T12:51:07+00:00",
"revision_history": [
{
"date": "2023-01-24T12:51:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-24T12:51:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.12 for RHEL 8",
"product": {
"name": "CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8"
}
}
},
{
"category": "product_name",
"name": "CNV 4.12 for RHEL 7",
"product": {
"name": "CNV 4.12 for RHEL 7",
"product_id": "7Server-CNV-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el7"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-0:4.12.0-1057.el8.src",
"product": {
"name": "kubevirt-0:4.12.0-1057.el8.src",
"product_id": "kubevirt-0:4.12.0-1057.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.12.0-1057.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "kubevirt-0:4.12.0-1057.el7.src",
"product": {
"name": "kubevirt-0:4.12.0-1057.el7.src",
"product_id": "kubevirt-0:4.12.0-1057.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt@4.12.0-1057.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"product_id": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.12.0-1057.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.12.0-1057.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"product_id": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl@4.12.0-1057.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"product": {
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"product_id": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kubevirt-virtctl-redistributable@4.12.0-1057.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.12.0-1057.el7.src as a component of CNV 4.12 for RHEL 7",
"product_id": "7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src"
},
"product_reference": "kubevirt-0:4.12.0-1057.el7.src",
"relates_to_product_reference": "7Server-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64 as a component of CNV 4.12 for RHEL 7",
"product_id": "7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64 as a component of CNV 4.12 for RHEL 7",
"product_id": "7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"relates_to_product_reference": "7Server-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-0:4.12.0-1057.el8.src as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src"
},
"product_reference": "kubevirt-0:4.12.0-1057.el8.src",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
},
"product_reference": "kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64",
"relates_to_product_reference": "8Base-CNV-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064857"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp: stack exhaustion via a deeply nested expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24921"
},
{
"category": "external",
"summary": "RHBZ#2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
"url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp: stack exhaustion via a deeply nested expression"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-24T12:51:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0407"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-CNV-4.12:kubevirt-0:4.12.0-1057.el7.src",
"7Server-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el7.x86_64",
"7Server-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el7.x86_64",
"8Base-CNV-4.12:kubevirt-0:4.12.0-1057.el8.src",
"8Base-CNV-4.12:kubevirt-virtctl-0:4.12.0-1057.el8.x86_64",
"8Base-CNV-4.12:kubevirt-virtctl-redistributable-0:4.12.0-1057.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
RHSA-2023:0408
Vulnerability from csaf_redhat - Published: 2023-01-25 11:11 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update
Severity
Important
Notes
Topic: Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
==============
bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Workaround
|
Threats
Impact
Moderate
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.
7.7 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Important
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.
7.5 (High)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.
7.5 (High)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
7.1 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — |
Vendor Fix
fix
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient EntropyAffected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — |
Vendor Fix
fix
|
Known not affected
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 | — |
Vendor Fix
fix
|
Known not affected
42 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 | — | ||
| Unresolved product id: 8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 | — |
Threats
Impact
Moderate
References
339 references
Acknowledgments
NCC Group
Oliver Brooks and James Klopchic
Joël Gähwiler
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0408",
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1719190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719190"
},
{
"category": "external",
"summary": "2023393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023393"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2040377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040377"
},
{
"category": "external",
"summary": "2046298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046298"
},
{
"category": "external",
"summary": "2052556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052556"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2060499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060499"
},
{
"category": "external",
"summary": "2069098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069098"
},
{
"category": "external",
"summary": "2070366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
},
{
"category": "external",
"summary": "2071491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071491"
},
{
"category": "external",
"summary": "2072797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072797"
},
{
"category": "external",
"summary": "2072821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072821"
},
{
"category": "external",
"summary": "2079916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079916"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2086285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086285"
},
{
"category": "external",
"summary": "2086551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086551"
},
{
"category": "external",
"summary": "2087724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087724"
},
{
"category": "external",
"summary": "2088129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088129"
},
{
"category": "external",
"summary": "2088464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088464"
},
{
"category": "external",
"summary": "2089391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089391"
},
{
"category": "external",
"summary": "2089744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089744"
},
{
"category": "external",
"summary": "2089751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089751"
},
{
"category": "external",
"summary": "2089804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804"
},
{
"category": "external",
"summary": "2091856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091856"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2092796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092796"
},
{
"category": "external",
"summary": "2093771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093771"
},
{
"category": "external",
"summary": "2093996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093996"
},
{
"category": "external",
"summary": "2094202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
},
{
"category": "external",
"summary": "2096285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096285"
},
{
"category": "external",
"summary": "2096780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096780"
},
{
"category": "external",
"summary": "2097436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097436"
},
{
"category": "external",
"summary": "2097586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
},
{
"category": "external",
"summary": "2099556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099556"
},
{
"category": "external",
"summary": "2099573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099573"
},
{
"category": "external",
"summary": "2099923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099923"
},
{
"category": "external",
"summary": "2100290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100290"
},
{
"category": "external",
"summary": "2100436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100436"
},
{
"category": "external",
"summary": "2100442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100442"
},
{
"category": "external",
"summary": "2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "2100629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100629"
},
{
"category": "external",
"summary": "2100679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100679"
},
{
"category": "external",
"summary": "2100682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100682"
},
{
"category": "external",
"summary": "2100684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100684"
},
{
"category": "external",
"summary": "2101144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101144"
},
{
"category": "external",
"summary": "2101164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
},
{
"category": "external",
"summary": "2101167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101167"
},
{
"category": "external",
"summary": "2101333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101333"
},
{
"category": "external",
"summary": "2101335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101335"
},
{
"category": "external",
"summary": "2101390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101390"
},
{
"category": "external",
"summary": "2101394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101394"
},
{
"category": "external",
"summary": "2101423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101423"
},
{
"category": "external",
"summary": "2101430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
},
{
"category": "external",
"summary": "2101445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101445"
},
{
"category": "external",
"summary": "2101454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
},
{
"category": "external",
"summary": "2101499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101499"
},
{
"category": "external",
"summary": "2101501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101501"
},
{
"category": "external",
"summary": "2101628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
},
{
"category": "external",
"summary": "2101667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101667"
},
{
"category": "external",
"summary": "2101681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101681"
},
{
"category": "external",
"summary": "2102074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102074"
},
{
"category": "external",
"summary": "2102125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
},
{
"category": "external",
"summary": "2102132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102132"
},
{
"category": "external",
"summary": "2102138",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102138"
},
{
"category": "external",
"summary": "2102256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
},
{
"category": "external",
"summary": "2102448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
},
{
"category": "external",
"summary": "2102475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102475"
},
{
"category": "external",
"summary": "2102561",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102561"
},
{
"category": "external",
"summary": "2102737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102737"
},
{
"category": "external",
"summary": "2102740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102740"
},
{
"category": "external",
"summary": "2103806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103806"
},
{
"category": "external",
"summary": "2103807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103807"
},
{
"category": "external",
"summary": "2103817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103817"
},
{
"category": "external",
"summary": "2103844",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103844"
},
{
"category": "external",
"summary": "2104331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104331"
},
{
"category": "external",
"summary": "2104402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104402"
},
{
"category": "external",
"summary": "2104422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104422"
},
{
"category": "external",
"summary": "2104424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104424"
},
{
"category": "external",
"summary": "2104479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104479"
},
{
"category": "external",
"summary": "2104480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104480"
},
{
"category": "external",
"summary": "2104785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104785"
},
{
"category": "external",
"summary": "2104859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104859"
},
{
"category": "external",
"summary": "2105257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105257"
},
{
"category": "external",
"summary": "2106175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
},
{
"category": "external",
"summary": "2106963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106963"
},
{
"category": "external",
"summary": "2107279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107279"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2108339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108339"
},
{
"category": "external",
"summary": "2108638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108638"
},
{
"category": "external",
"summary": "2109818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109818"
},
{
"category": "external",
"summary": "2109975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109975"
},
{
"category": "external",
"summary": "2110256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110256"
},
{
"category": "external",
"summary": "2110562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110562"
},
{
"category": "external",
"summary": "2111240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111240"
},
{
"category": "external",
"summary": "2111292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111292"
},
{
"category": "external",
"summary": "2111328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111328"
},
{
"category": "external",
"summary": "2111378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111378"
},
{
"category": "external",
"summary": "2111744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111744"
},
{
"category": "external",
"summary": "2111794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111794"
},
{
"category": "external",
"summary": "2112900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112900"
},
{
"category": "external",
"summary": "2114516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114516"
},
{
"category": "external",
"summary": "2114636",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114636"
},
{
"category": "external",
"summary": "2114683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114683"
},
{
"category": "external",
"summary": "2115257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115257"
},
{
"category": "external",
"summary": "2115258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115258"
},
{
"category": "external",
"summary": "2115280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115280"
},
{
"category": "external",
"summary": "2115769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115769"
},
{
"category": "external",
"summary": "2116225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116225"
},
{
"category": "external",
"summary": "2116644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116644"
},
{
"category": "external",
"summary": "2117549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117549"
},
{
"category": "external",
"summary": "2117803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117803"
},
{
"category": "external",
"summary": "2117813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117813"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "2118257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118257"
},
{
"category": "external",
"summary": "2118823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118823"
},
{
"category": "external",
"summary": "2119069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119069"
},
{
"category": "external",
"summary": "2119128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119128"
},
{
"category": "external",
"summary": "2119309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119309"
},
{
"category": "external",
"summary": "2119615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119615"
},
{
"category": "external",
"summary": "2120907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120907"
},
{
"category": "external",
"summary": "2121320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121320"
},
{
"category": "external",
"summary": "2122236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122236"
},
{
"category": "external",
"summary": "2122990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122990"
},
{
"category": "external",
"summary": "2124147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124147"
},
{
"category": "external",
"summary": "2124307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124307"
},
{
"category": "external",
"summary": "2124528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124528"
},
{
"category": "external",
"summary": "2124555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124555"
},
{
"category": "external",
"summary": "2124557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124557"
},
{
"category": "external",
"summary": "2124558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124558"
},
{
"category": "external",
"summary": "2124565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124565"
},
{
"category": "external",
"summary": "2124572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124572"
},
{
"category": "external",
"summary": "2124582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124582"
},
{
"category": "external",
"summary": "2124594",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124594"
},
{
"category": "external",
"summary": "2124597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124597"
},
{
"category": "external",
"summary": "2126104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126104"
},
{
"category": "external",
"summary": "2126397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126397"
},
{
"category": "external",
"summary": "2127787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127787"
},
{
"category": "external",
"summary": "2127843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127843"
},
{
"category": "external",
"summary": "2127931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127931"
},
{
"category": "external",
"summary": "2127947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127947"
},
{
"category": "external",
"summary": "2128002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128002"
},
{
"category": "external",
"summary": "2128107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128107"
},
{
"category": "external",
"summary": "2128872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128872"
},
{
"category": "external",
"summary": "2128948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128948"
},
{
"category": "external",
"summary": "2128949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128949"
},
{
"category": "external",
"summary": "2128997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128997"
},
{
"category": "external",
"summary": "2129013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129013"
},
{
"category": "external",
"summary": "2129234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129234"
},
{
"category": "external",
"summary": "2129301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129301"
},
{
"category": "external",
"summary": "2129870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129870"
},
{
"category": "external",
"summary": "2130509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130509"
},
{
"category": "external",
"summary": "2130588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130588"
},
{
"category": "external",
"summary": "2130695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130695"
},
{
"category": "external",
"summary": "2130909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130909"
},
{
"category": "external",
"summary": "2131157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131157"
},
{
"category": "external",
"summary": "2131165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131165"
},
{
"category": "external",
"summary": "2131674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131674"
},
{
"category": "external",
"summary": "2132031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132031"
},
{
"category": "external",
"summary": "2132682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132682"
},
{
"category": "external",
"summary": "2132721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132721"
},
{
"category": "external",
"summary": "2132744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132744"
},
{
"category": "external",
"summary": "2132746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132746"
},
{
"category": "external",
"summary": "2132783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132783"
},
{
"category": "external",
"summary": "2132793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132793"
},
{
"category": "external",
"summary": "2132932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132932"
},
{
"category": "external",
"summary": "2133540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133540"
},
{
"category": "external",
"summary": "2133541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133541"
},
{
"category": "external",
"summary": "2133542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133542"
},
{
"category": "external",
"summary": "2133543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133543"
},
{
"category": "external",
"summary": "2133655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133655"
},
{
"category": "external",
"summary": "2133656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133656"
},
{
"category": "external",
"summary": "2133659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133659"
},
{
"category": "external",
"summary": "2133660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133660"
},
{
"category": "external",
"summary": "2134123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134123"
},
{
"category": "external",
"summary": "2134672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134672"
},
{
"category": "external",
"summary": "2134825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134825"
},
{
"category": "external",
"summary": "2135805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135805"
},
{
"category": "external",
"summary": "2136051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136051"
},
{
"category": "external",
"summary": "2136425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136425"
},
{
"category": "external",
"summary": "2136534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136534"
},
{
"category": "external",
"summary": "2137123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137123"
},
{
"category": "external",
"summary": "2137241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137241"
},
{
"category": "external",
"summary": "2137243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137243"
},
{
"category": "external",
"summary": "2137349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137349"
},
{
"category": "external",
"summary": "2137591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137591"
},
{
"category": "external",
"summary": "2137731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137731"
},
{
"category": "external",
"summary": "2137733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137733"
},
{
"category": "external",
"summary": "2137736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137736"
},
{
"category": "external",
"summary": "2137896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137896"
},
{
"category": "external",
"summary": "2138112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138112"
},
{
"category": "external",
"summary": "2138119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138119"
},
{
"category": "external",
"summary": "2138199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138199"
},
{
"category": "external",
"summary": "2138653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138653"
},
{
"category": "external",
"summary": "2138657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138657"
},
{
"category": "external",
"summary": "2138664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138664"
},
{
"category": "external",
"summary": "2139257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139257"
},
{
"category": "external",
"summary": "2139260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139260"
},
{
"category": "external",
"summary": "2139293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139293"
},
{
"category": "external",
"summary": "2139296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139296"
},
{
"category": "external",
"summary": "2139299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139299"
},
{
"category": "external",
"summary": "2139306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139306"
},
{
"category": "external",
"summary": "2139479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139479"
},
{
"category": "external",
"summary": "2139574",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139574"
},
{
"category": "external",
"summary": "2139651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139651"
},
{
"category": "external",
"summary": "2139687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139687"
},
{
"category": "external",
"summary": "2139738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139738"
},
{
"category": "external",
"summary": "2139820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139820"
},
{
"category": "external",
"summary": "2140117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140117"
},
{
"category": "external",
"summary": "2140521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140521"
},
{
"category": "external",
"summary": "2140534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140534"
},
{
"category": "external",
"summary": "2140627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140627"
},
{
"category": "external",
"summary": "2140730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140730"
},
{
"category": "external",
"summary": "2140808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140808"
},
{
"category": "external",
"summary": "2140977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140977"
},
{
"category": "external",
"summary": "2140982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140982"
},
{
"category": "external",
"summary": "2140998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140998"
},
{
"category": "external",
"summary": "2141089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141089"
},
{
"category": "external",
"summary": "2141302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141302"
},
{
"category": "external",
"summary": "2141399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141399"
},
{
"category": "external",
"summary": "2141494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141494"
},
{
"category": "external",
"summary": "2141654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141654"
},
{
"category": "external",
"summary": "2141711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141711"
},
{
"category": "external",
"summary": "2142468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142468"
},
{
"category": "external",
"summary": "2142470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142470"
},
{
"category": "external",
"summary": "2142511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142511"
},
{
"category": "external",
"summary": "2142647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142647"
},
{
"category": "external",
"summary": "2142891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142891"
},
{
"category": "external",
"summary": "2142929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142929"
},
{
"category": "external",
"summary": "2143268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143268"
},
{
"category": "external",
"summary": "2143498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143498"
},
{
"category": "external",
"summary": "2143964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143964"
},
{
"category": "external",
"summary": "2144580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144580"
},
{
"category": "external",
"summary": "2144828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144828"
},
{
"category": "external",
"summary": "2144839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144839"
},
{
"category": "external",
"summary": "2153849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153849"
},
{
"category": "external",
"summary": "2155757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155757"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update",
"tracking": {
"current_release_date": "2026-05-30T08:31:03+00:00",
"generator": {
"date": "2026-05-30T08:31:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0408",
"initial_release_date": "2023-01-25T11:11:29+00:00",
"revision_history": [
{
"date": "2023-01-25T11:11:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-25T11:11:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.12 for RHEL 8",
"product": {
"name": "CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.12.0-58"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.12.0-769"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.12.0-30"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.12.0-30"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.12.0-31"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.12.0-96"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.12.0-96"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.12.0-182"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.12.0-64"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.12.0-40"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.12.0-32"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.12.0-71"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product": {
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product_id": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product": {
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product_id": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.12.0-10"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.12.0-89"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64"
},
"product_reference": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64"
},
"product_reference": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
},
"product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
RHSA-2023:1042
Vulnerability from csaf_redhat - Published: 2023-03-06 18:38 - Updated: 2026-05-30 08:31Summary
Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)
Severity
Moderate
Notes
Topic: Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional
operator, based on the Kubernetes Event Driven Autoscaler (KEDA), that allows workloads to be scaled using additional metrics sources other than pod metrics.
This release builds upon updated compiler, runtime library, and base images for the purpose of resolving any potential security issues present in previous toolset versions.
This version makes use of newer tools and libraries to address the following issues:
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)
golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.
5.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — |
Threats
Impact
Low
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 | — | ||
| Unresolved product id: 8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 | — |
Threats
Impact
Low
References
102 references
Acknowledgments
ADA Logics
Adam Korczynski
OSS-Fuzz
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional\noperator, based on the Kubernetes Event Driven Autoscaler (KEDA), that allows workloads to be scaled using additional metrics sources other than pod metrics.\nThis release builds upon updated compiler, runtime library, and base images for the purpose of resolving any potential security issues present in previous toolset versions.\n\nThis version makes use of newer tools and libraries to address the following issues:\ngolang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\ngolang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\ngolang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\ngolang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\ngolang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\ngolang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\ngolang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\ngolang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\ngolang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\ngolang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\ngolang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\ngolang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\ngolang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\ngolang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\ngolang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1042",
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2100763",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100763"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2113945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113945"
},
{
"category": "external",
"summary": "2118404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118404"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "OCPNODE-1260",
"url": "https://issues.redhat.com/browse/OCPNODE-1260"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1042.json"
}
],
"title": "Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)",
"tracking": {
"current_release_date": "2026-05-30T08:31:06+00:00",
"generator": {
"date": "2026-05-30T08:31:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1042",
"initial_release_date": "2023-03-06T18:38:53+00:00",
"revision_history": [
{
"date": "2023-03-06T18:38:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-06T18:38:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-30T08:31:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Custom Metrics Autoscaler 2",
"product": {
"name": "OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Custom Metrics Autoscaler"
},
{
"branches": [
{
"category": "product_version",
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"product": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"product_id": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8\u0026tag=2.8.2-143"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64",
"product": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64",
"product_id": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8\u0026tag=2.8.2-143"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"product": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"product_id": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle\u0026tag=2.8.2-143"
}
}
},
{
"category": "product_version",
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"product": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"product_id": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"product_identification_helper": {
"purl": "pkg:oci/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293?arch=amd64\u0026repository_url=registry.redhat.io/custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator\u0026tag=2.8.2-143"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64"
},
"product_reference": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
},
"product_reference": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
},
"product_reference": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64 as a component of OpenShift Custom Metrics Autoscaler 2",
"product_id": "8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
},
"product_reference": "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64",
"relates_to_product_reference": "8Base-OCMA-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability exists in the calling of the function decoder.skip to a deeply nested XML document. Although the vulnerability exists, it may require that the application accept deeply nested XML from untrusted sources and specifically calls Decoder.Skip on it. In many deployments, that code path might not even be reachable or exposed to external input. On top of that, a successful exploitation will only result in denial of service due to stack exhaustion, which is why this has been marked as moderate by Red Hat.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn\u2019t compromise confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32149",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2022-10-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134010"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "After careful analysis of the vulnerability Redhat is choosing to keep the vulnerability severity as moderate,the vulnerability exists in the ParseAcceptLanguage function of the golang text/language package,when an attacker could craft an unusually large accept header and due to the parser taking quadratic time complexity to finish, firstly the attacker would have to find a way smuggle an input to the parser and even then this would simply not result in a crash of any kind but more of resource hang which while can be unpleasant,does not equate to any real world damage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32149"
},
{
"category": "external",
"summary": "RHBZ#2134010",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134010"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149"
},
{
"category": "external",
"summary": "https://go.dev/issue/56152",
"url": "https://go.dev/issue/56152"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU",
"url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU"
}
],
"release_date": "2022-10-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"known_not_affected": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-06T18:38:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8@sha256:c79cb3c68317a224277a8ee0dc78832fcd4b6da18b9b5b074cffaad14e2f1aa5_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-operator-bundle@sha256:44de4b736089166718956bebd456ad1a17e0e6f72c49f52804c6b6e60ef5a494_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator@sha256:5a149d0a0cdb6812acbef0c9b3031fb3cd84181e971198a6e17d8fd0bf5e6293_amd64",
"8Base-OCMA-2:custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8@sha256:a403d057cd2ca820306207282007d4d117623e1a2ebb8bee67c19f5796f07f95_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
}
]
}
RHSA-2023:1275
Vulnerability from csaf_redhat - Published: 2023-03-15 19:58 - Updated: 2026-05-28 20:28Summary
Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update
Severity
Important
Notes
Topic: An update for etcd is now available for Red Hat OpenStack Platform.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: etcd is a highly-available key value store for shared configuration.
The following Important impact security fix(es) are applicable to Red Hat OpenStack Platform 17.0 (Wallaby), 16.2 (Train), and 16.1 (Train):
* Improve heuristics preventing CPU/memory abuse by parsing malicious or
large YAML documents (CVE-2022-3064)
As a result of being built by golang 1.18.9, the following Moderate impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
As a result of being built by golang 1.18.9, the following Low impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient EntropyAffected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
7.5 (High)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
6.5 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
86 references
Acknowledgments
Head of Research, Oxeye
Daniel Abeles
Security Researcher, Oxeye
Gal Goldstein
ADA Logics
Adam Korczynski
OSS-Fuzz
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for etcd is now available for Red Hat OpenStack Platform.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "etcd is a highly-available key value store for shared configuration.\n\nThe following Important impact security fix(es) are applicable to Red Hat OpenStack Platform 17.0 (Wallaby), 16.2 (Train), and 16.1 (Train):\n\n* Improve heuristics preventing CPU/memory abuse by parsing malicious or\nlarge YAML documents (CVE-2022-3064)\n\nAs a result of being built by golang 1.18.9, the following Moderate impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nAs a result of being built by golang 1.18.9, the following Low impact security fix(es) are applicable to Red Hat OpenStack Platform 16.2 and 16.1:\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1275",
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2163037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1275.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform (etcd) security update",
"tracking": {
"current_release_date": "2026-05-28T20:28:26+00:00",
"generator": {
"date": "2026-05-28T20:28:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1275",
"initial_release_date": "2023-03-15T19:58:09+00:00",
"revision_history": [
{
"date": "2023-03-15T19:58:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-15T19:58:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:28:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.1",
"product": {
"name": "Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-12.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-12.el8ost.src",
"product_id": "etcd-0:3.3.23-12.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-12.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-12.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-12.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-12.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-12.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-12.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-12.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-12.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-12.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-12.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-12.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-3064",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2163037"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHC package for Red Hat Enterprise Linux 9 mark as Low severity as we do ship the affected code but it\u0027s not easily exposed because YAML files are not parsed by RHC.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3064"
},
{
"category": "external",
"summary": "RHBZ#2163037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163037"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3064"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r",
"url": "https://github.com/advisories/GHSA-6q6q-88xp-6f2r"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5",
"url": "https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5"
},
{
"category": "external",
"summary": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4",
"url": "https://github.com/go-yaml/yaml/releases/tag/v2.2.4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-0956",
"url": "https://pkg.go.dev/vuln/GO-2022-0956"
}
],
"release_date": "2022-08-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-15T19:58:09+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-12.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-12.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…