CVE-2022-41717 (GCVE-0-2022-41717)
Vulnerability from cvelistv5 – Published: 2022-12-08 19:03 – Updated: 2025-02-13 16:33

CWE 400: Uncontrolled Resource Consumption
| Vendor | Product | Version |
|---|---|---|
| Go standard library | net/http | Affected: 0 , < 1.18.9 (semver); Affected: 1.19.0-0 , < 1.19.4 (semver) |
| golang.org/x/net | golang.org/x/net/http2 | Affected: 0 , < 0.4.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230120-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/56350"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/455717"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/455635"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2serverConn.canonicalHeader"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "Serve"
},
{
"name": "ServeTLS"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.Serve"
},
{
"name": "Server.ServeTLS"
},
{
"name": "http2Server.ServeConn"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.18.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.19.4",
"status": "affected",
"version": "1.19.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "serverConn.canonicalHeader"
},
{
"name": "Server.ServeConn"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Josselin Costanzi"
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T02:06:25.182Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/56350"
},
{
"url": "https://go.dev/cl/455717"
},
{
"url": "https://go.dev/cl/455635"
},
{
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
}
],
"title": "Excessive memory growth in net/http and golang.org/x/net/http2"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2022-41717",
"datePublished": "2022-12-08T19:03:53.161Z",
"dateReserved": "2022-09-28T17:00:06.608Z",
"dateUpdated": "2025-02-13T16:33:08.284Z",
"requesterUserId": "7d08541a-cd0a-42e2-8f81-76e6ceb65fc3",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-41717",
"date": "2026-05-29",
"epss": "0.00331",
"percentile": "0.56237"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-41717\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2022-12-08T20:15:10.330\",\"lastModified\":\"2024-11-21T07:23:43.713\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.\"},{\"lang\":\"es\",\"value\":\"Un atacante puede provocar un crecimiento excesivo de la memoria en un servidor Go que acepta solicitudes HTTP/2. Las conexiones del servidor HTTP/2 contienen un cach\u00e9 de claves de encabezado HTTP enviadas por el cliente. Si bien el n\u00famero total de entradas en esta cach\u00e9 est\u00e1 limitado, un atacante que env\u00eda claves muy grandes puede hacer que el servidor asigne aproximadamente 64 MiB por conexi\u00f3n 
abierta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.9\",\"matchCriteriaId\":\"E0CD51B1-029E-442F-BE6A-772F4754D240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.4\",\"matchCriteriaId\":\"B6AEBFD1-DEE2-40E0-B65C-8C7885014797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.4.0\",\"matchCriteriaId\":\"BBFC0CE7-CD35-4FCF-A37A-DBC5D6DA16D2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/455635\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/455717\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\",\"Vendor 
Advisory\"]},{\"url\":\"https://go.dev/issue/56350\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing 
List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2022-1144\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/cl/455635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://go.dev/cl/455717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor 
Advisory\"]},{\"url\":\"https://go.dev/issue/56350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@list
s.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2022-1144\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230120-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2023:1817
Vulnerability from csaf_redhat - Published: 2023-04-18 01:01 - Updated: 2026-05-27 02:32

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64 | — | | Vendor Fix |
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64 | — | | Vendor Fix |
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64 | — | | Vendor Fix |
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64 | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64 | — | | |

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64 | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64 | — | | |

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64 | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64 | — | ||
| Unresolved product id: 9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64 | — | | |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.2.0 for OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Network Observability 1.2.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent.\n\nThe operator provides dashboards, metrics, and keeps flows accessible in a\nqueryable log store, Grafana Loki. When a FlowCollector is deployed, new\ndashboards are available in the Console.\n\nThis update contains bug fixes.\n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1817",
"url": "https://access.redhat.com/errata/RHSA-2023:1817"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "NETOBSERV-142",
"url": "https://issues.redhat.com/browse/NETOBSERV-142"
},
{
"category": "external",
"summary": "NETOBSERV-350",
"url": "https://issues.redhat.com/browse/NETOBSERV-350"
},
{
"category": "external",
"summary": "NETOBSERV-521",
"url": "https://issues.redhat.com/browse/NETOBSERV-521"
},
{
"category": "external",
"summary": "NETOBSERV-617",
"url": "https://issues.redhat.com/browse/NETOBSERV-617"
},
{
"category": "external",
"summary": "NETOBSERV-658",
"url": "https://issues.redhat.com/browse/NETOBSERV-658"
},
{
"category": "external",
"summary": "NETOBSERV-684",
"url": "https://issues.redhat.com/browse/NETOBSERV-684"
},
{
"category": "external",
"summary": "NETOBSERV-696",
"url": "https://issues.redhat.com/browse/NETOBSERV-696"
},
{
"category": "external",
"summary": "NETOBSERV-755",
"url": "https://issues.redhat.com/browse/NETOBSERV-755"
},
{
"category": "external",
"summary": "NETOBSERV-772",
"url": "https://issues.redhat.com/browse/NETOBSERV-772"
},
{
"category": "external",
"summary": "NETOBSERV-774",
"url": "https://issues.redhat.com/browse/NETOBSERV-774"
},
{
"category": "external",
"summary": "NETOBSERV-785",
"url": "https://issues.redhat.com/browse/NETOBSERV-785"
},
{
"category": "external",
"summary": "NETOBSERV-793",
"url": "https://issues.redhat.com/browse/NETOBSERV-793"
},
{
"category": "external",
"summary": "NETOBSERV-844",
"url": "https://issues.redhat.com/browse/NETOBSERV-844"
},
{
"category": "external",
"summary": "NETOBSERV-857",
"url": "https://issues.redhat.com/browse/NETOBSERV-857"
},
{
"category": "external",
"summary": "NETOBSERV-868",
"url": "https://issues.redhat.com/browse/NETOBSERV-868"
},
{
"category": "external",
"summary": "NETOBSERV-889",
"url": "https://issues.redhat.com/browse/NETOBSERV-889"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1817.json"
}
],
"title": "Red Hat Security Advisory: Network observability 1.2.0 for Openshift",
"tracking": {
"current_release_date": "2026-05-27T02:32:37+00:00",
"generator": {
"date": "2026-05-27T02:32:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1817",
"initial_release_date": "2023-04-18T01:01:18+00:00",
"revision_history": [
{
"date": "2023-04-18T01:01:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-04-18T01:01:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T02:32:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NETOBSERV 1.2 for RHEL 9",
"product": {
"name": "NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.2.0::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.2.0-19"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.2.0-12"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.2.0-14"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.2.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.2.0-27"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64 as a component of NETOBSERV 1.2 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.2.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-18T01:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1817"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
},
{
"cve": "CVE-2022-41724",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178492"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: large handshake records may cause panics",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a denial of service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41724"
},
{
"category": "external",
"summary": "RHBZ#2178492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178492"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41724"
},
{
"category": "external",
"summary": "https://go.dev/cl/468125",
"url": "https://go.dev/cl/468125"
},
{
"category": "external",
"summary": "https://go.dev/issue/58001",
"url": "https://go.dev/issue/58001"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1570",
"url": "https://pkg.go.dev/vuln/GO-2023-1570"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-18T01:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1817"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: large handshake records may cause panics"
},
{
"cve": "CVE-2022-41725",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178488"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, mime/multipart: denial of service from excessive resource consumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"known_not_affected": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41725"
},
{
"category": "external",
"summary": "RHBZ#2178488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725"
},
{
"category": "external",
"summary": "https://go.dev/cl/468124",
"url": "https://go.dev/cl/468124"
},
{
"category": "external",
"summary": "https://go.dev/issue/58006",
"url": "https://go.dev/issue/58006"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-1569",
"url": "https://pkg.go.dev/vuln/GO-2023-1569"
}
],
"release_date": "2023-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-18T01:01:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1817"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-console-plugin-rhel9@sha256:9841f72ea873e85c91a4ac05c286c9c708c362c7a984753d6c7664a454df1cf3_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:93ad940d2d50b01302a3f9af32895caa5cdd6623b50a963629dcf653e374a610_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:7a4c88957e6bf8a590c348c83485403c5f675aeb5d7350b9e2c9c4a2a08f8fab_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-operator-bundle@sha256:9ba226d0207edd7c9173333647353d3a7a0b5bfc32feb60ca5749dd6dc190c28_amd64",
"9Base-NETWORK-OBSERVABILITY-1.2.0:network-observability/network-observability-rhel9-operator@sha256:b52ce219650214e89e00dfbf092b0d3f3d9c16e2d9ffcf6e67a3b57ae21c3082_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption"
}
]
}
RHSA-2023:2204
Vulnerability from csaf_redhat - Published: 2023-05-09 10:11 - Updated: 2026-05-28 20:28

A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — | Vendor Fix | |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — | Vendor Fix | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — | | |
A flaw was found in the golang package, where requests forwarded by a reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — | | |
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — | | |
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — | | |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-0:81-1.el9.src | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch | — | | |
| Unresolved product id: AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch | — | | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cockpit-composer, osbuild, osbuild-composer, and weldr-client is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood.\n\nSecurity Fix(es):\n\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2204",
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2119980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119980"
},
{
"category": "external",
"summary": "2122843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122843"
},
{
"category": "external",
"summary": "2123373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2123373"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2125249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2125249"
},
{
"category": "external",
"summary": "2132250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132250"
},
{
"category": "external",
"summary": "2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2136504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136504"
},
{
"category": "external",
"summary": "2137364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137364"
},
{
"category": "external",
"summary": "2139645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139645"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2164560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164560"
},
{
"category": "external",
"summary": "2174158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174158"
},
{
"category": "external",
"summary": "2177699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177699"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2204.json"
}
],
"title": "Red Hat Security Advisory: Image Builder security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-28T20:28:31+00:00",
"generator": {
"date": "2026-05-28T20:28:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2204",
"initial_release_date": "2023-05-09T10:11:21+00:00",
"revision_history": [
{
"date": "2023-05-09T10:11:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:11:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:28:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.src",
"product": {
"name": "weldr-client-0:35.9-1.el9.src",
"product_id": "weldr-client-0:35.9-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "osbuild-0:81-1.el9.src",
"product": {
"name": "osbuild-0:81-1.el9.src",
"product_id": "osbuild-0:81-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild@81-1.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "cockpit-composer-0:45-1.el9_2.src",
"product": {
"name": "cockpit-composer-0:45-1.el9_2.src",
"product_id": "cockpit-composer-0:45-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-composer@45-1.el9_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.src",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.src",
"product_id": "osbuild-composer-0:76-2.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "weldr-client-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-0:35.9-1.el9.s390x",
"product_id": "weldr-client-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product_id": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debugsource@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product_id": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-debuginfo@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product_id": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/weldr-client-tests-debuginfo@35.9-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-core-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product_id": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76-2.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-0:81-1.el9.noarch",
"product": {
"name": "osbuild-0:81-1.el9.noarch",
"product_id": "osbuild-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-luks2-0:81-1.el9.noarch",
"product": {
"name": "osbuild-luks2-0:81-1.el9.noarch",
"product_id": "osbuild-luks2-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-luks2@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-lvm2-0:81-1.el9.noarch",
"product": {
"name": "osbuild-lvm2-0:81-1.el9.noarch",
"product_id": "osbuild-lvm2-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-lvm2@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-ostree-0:81-1.el9.noarch",
"product": {
"name": "osbuild-ostree-0:81-1.el9.noarch",
"product_id": "osbuild-ostree-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-ostree@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "osbuild-selinux-0:81-1.el9.noarch",
"product": {
"name": "osbuild-selinux-0:81-1.el9.noarch",
"product_id": "osbuild-selinux-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-selinux@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-osbuild-0:81-1.el9.noarch",
"product": {
"name": "python3-osbuild-0:81-1.el9.noarch",
"product_id": "python3-osbuild-0:81-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-osbuild@81-1.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "cockpit-composer-0:45-1.el9_2.noarch",
"product": {
"name": "cockpit-composer-0:45-1.el9_2.noarch",
"product_id": "cockpit-composer-0:45-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-composer@45-1.el9_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-composer-0:45-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch"
},
"product_reference": "cockpit-composer-0:45-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-composer-0:45-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src"
},
"product_reference": "cockpit-composer-0:45-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch"
},
"product_reference": "osbuild-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-0:81-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-0:81-1.el9.src"
},
"product_reference": "osbuild-0:81-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-core-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-worker-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-luks2-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch"
},
"product_reference": "osbuild-luks2-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-lvm2-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch"
},
"product_reference": "osbuild-lvm2-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-ostree-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch"
},
"product_reference": "osbuild-ostree-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-selinux-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch"
},
"product_reference": "osbuild-selinux-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-osbuild-0:81-1.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
},
"product_reference": "python3-osbuild-0:81-1.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src"
},
"product_reference": "weldr-client-0:35.9-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debuginfo-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-debugsource-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-debugsource-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
},
"product_reference": "weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-2879",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132867"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.\n\n\nThis flaw additionally affects the github.com/vbatts/tar-split library and was fixed in v0.12.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2879"
},
{
"category": "external",
"summary": "RHBZ#2132867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54853",
"url": "https://github.com/golang/go/issues/54853"
},
{
"category": "external",
"summary": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1",
"url": "https://github.com/vbatts/tar-split/releases/tag/v0.12.1"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"known_not_affected": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2204"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.noarch",
"AppStream-9.2.0.GA:cockpit-composer-0:45-1.el9_2.src",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-0:81-1.el9.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.src",
"AppStream-9.2.0.GA:osbuild-composer-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-core-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-debugsource-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-dnf-json-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-tests-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.aarch64",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.ppc64le",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.s390x",
"AppStream-9.2.0.GA:osbuild-composer-worker-debuginfo-0:76-2.el9_2.x86_64",
"AppStream-9.2.0.GA:osbuild-luks2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-lvm2-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-ostree-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:osbuild-selinux-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:python3-osbuild-0:81-1.el9.noarch",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.src",
"AppStream-9.2.0.GA:weldr-client-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debuginfo-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-debugsource-0:35.9-1.el9.x86_64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.aarch64",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.ppc64le",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.s390x",
"AppStream-9.2.0.GA:weldr-client-tests-debuginfo-0:35.9-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2222
Vulnerability from csaf_redhat - Published: 2023-05-09 10:10 - Updated: 2026-04-30 13:12

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64 | — | Vendor Fix fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for conmon is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Conmon is an OCI container runtime monitor.\n\nSecurity Fix(es):\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2222",
"url": "https://access.redhat.com/errata/RHSA-2023:2222"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2129080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129080"
},
{
"category": "external",
"summary": "2154417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154417"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2173697",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173697"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2222.json"
}
],
"title": "Red Hat Security Advisory: conmon security and bug fix update",
"tracking": {
"current_release_date": "2026-04-30T13:12:36+00:00",
"generator": {
"date": "2026-04-30T13:12:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:2222",
"initial_release_date": "2023-05-09T10:10:29+00:00",
"revision_history": [
{
"date": "2023-05-09T10:10:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:10:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:12:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.src",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.src",
"product_id": "conmon-2:2.1.7-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.aarch64",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.aarch64",
"product_id": "conmon-2:2.1.7-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"product": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"product_id": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debugsource@2.1.7-1.el9_2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"product": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"product_id": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debuginfo@2.1.7-1.el9_2?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.ppc64le",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.ppc64le",
"product_id": "conmon-2:2.1.7-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"product": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"product_id": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debugsource@2.1.7-1.el9_2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"product": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"product_id": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debuginfo@2.1.7-1.el9_2?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.x86_64",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.x86_64",
"product_id": "conmon-2:2.1.7-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64",
"product": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64",
"product_id": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debugsource@2.1.7-1.el9_2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"product": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"product_id": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debuginfo@2.1.7-1.el9_2?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2:2.1.7-1.el9_2.s390x",
"product": {
"name": "conmon-2:2.1.7-1.el9_2.s390x",
"product_id": "conmon-2:2.1.7-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon@2.1.7-1.el9_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"product": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"product_id": "conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debugsource@2.1.7-1.el9_2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"product": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"product_id": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/conmon-debuginfo@2.1.7-1.el9_2?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2:2.1.7-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64"
},
"product_reference": "conmon-2:2.1.7-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64"
},
"product_reference": "conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le"
},
"product_reference": "conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x"
},
"product_reference": "conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64"
},
"product_reference": "conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64"
},
"product_reference": "conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le"
},
"product_reference": "conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x"
},
"product_reference": "conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64"
},
"product_reference": "conmon-debugsource-2:2.1.7-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:10:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2222"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.src",
"AppStream-9.2.0.GA:conmon-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debuginfo-2:2.1.7-1.el9_2.x86_64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.aarch64",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.ppc64le",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.s390x",
"AppStream-9.2.0.GA:conmon-debugsource-2:2.1.7-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2236
Vulnerability from csaf_redhat - Published: 2023-05-09 10:03 - Updated: 2026-05-11 14:40

A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix | |
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix Workaround | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix Workaround | |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64 | — | Vendor Fix fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for toolbox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.\n\nSecurity Fix(es):\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2236",
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2033282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033282"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2163752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2236.json"
}
],
"title": "Red Hat Security Advisory: toolbox security and bug fix update",
"tracking": {
"current_release_date": "2026-05-11T14:40:47+00:00",
"generator": {
"date": "2026-05-11T14:40:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2023:2236",
"initial_release_date": "2023-05-09T10:03:47+00:00",
"revision_history": [
{
"date": "2023-05-09T10:03:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:03:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-11T14:40:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.src",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.src",
"product_id": "toolbox-0:0.0.99.3-9.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "toolbox-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-tests@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debugsource@0.0.99.3-9.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product_id": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/toolbox-debuginfo@0.0.99.3-9.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "toolbox-tests-0:0.0.99.3-9.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
},
"product_reference": "toolbox-tests-0:0.0.99.3-9.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2236"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.src",
"AppStream-9.2.0.GA:toolbox-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debuginfo-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-debugsource-0:0.0.99.3-9.el9.x86_64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.aarch64",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.ppc64le",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.s390x",
"AppStream-9.2.0.GA:toolbox-tests-0:0.0.99.3-9.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2253
Vulnerability from csaf_redhat - Published: 2023-05-09 09:52 - Updated: 2026-05-15 02:21
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient Entropy
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64 | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x | — | Vendor Fix fix | |
| Unresolved product id: AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64 | — | Vendor Fix fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2253",
"url": "https://access.redhat.com/errata/RHSA-2023:2253"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2142494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142494"
},
{
"category": "external",
"summary": "2150429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150429"
},
{
"category": "external",
"summary": "2151247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151247"
},
{
"category": "external",
"summary": "2152001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152001"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2166225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166225"
},
{
"category": "external",
"summary": "2182315",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182315"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2253.json"
}
],
"title": "Red Hat Security Advisory: buildah security and bug fix update",
"tracking": {
"current_release_date": "2026-05-15T02:21:26+00:00",
"generator": {
"date": "2026-05-15T02:21:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:2253",
"initial_release_date": "2023-05-09T09:52:10+00:00",
"revision_history": [
{
"date": "2023-05-09T09:52:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T09:52:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:21:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.src",
"product": {
"name": "buildah-1:1.29.1-1.el9.src",
"product_id": "buildah-1:1.29.1-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-tests-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-tests-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-debugsource-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-debugsource-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"product": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"product_id": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.29.1-1.el9?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-tests-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-tests-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"product_id": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.29.1-1.el9?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-tests-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-tests-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-debugsource-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-debugsource-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64",
"product": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64",
"product_id": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.29.1-1.el9?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-1:1.29.1-1.el9.s390x",
"product_id": "buildah-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-tests-1:1.29.1-1.el9.s390x",
"product_id": "buildah-tests-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-debugsource-1:1.29.1-1.el9.s390x",
"product_id": "buildah-debugsource-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.s390x",
"product_id": "buildah-debuginfo-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"product": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"product_id": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.29.1-1.el9?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src"
},
"product_reference": "buildah-1:1.29.1-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-debuginfo-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-debugsource-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-debugsource-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-debugsource-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-tests-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-tests-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-tests-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-tests-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64"
},
"product_reference": "buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x"
},
"product_reference": "buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
},
"product_reference": "buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:52:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2253"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:52:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2253"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.src",
"AppStream-9.2.0.GA:buildah-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debuginfo-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-debugsource-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-1:1.29.1-1.el9.x86_64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.aarch64",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.ppc64le",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.s390x",
"AppStream-9.2.0.GA:buildah-tests-debuginfo-1:1.29.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2282
Vulnerability from csaf_redhat - Published: 2023-05-09 10:01 - Updated: 2026-05-15 02:21
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient Entropy
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64 | — | | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2282",
"url": "https://access.redhat.com/errata/RHSA-2023:2282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "1998676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998676"
},
{
"category": "external",
"summary": "2078411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078411"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2105173",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105173"
},
{
"category": "external",
"summary": "2123251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2123251"
},
{
"category": "external",
"summary": "2141019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141019"
},
{
"category": "external",
"summary": "2149774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149774"
},
{
"category": "external",
"summary": "2150430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150430"
},
{
"category": "external",
"summary": "2152023",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152023"
},
{
"category": "external",
"summary": "2152736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152736"
},
{
"category": "external",
"summary": "2153894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153894"
},
{
"category": "external",
"summary": "2158472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158472"
},
{
"category": "external",
"summary": "2158632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158632"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2166091",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166091"
},
{
"category": "external",
"summary": "2182821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182821"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2282.json"
}
],
"title": "Red Hat Security Advisory: podman security and bug fix update",
"tracking": {
"current_release_date": "2026-05-15T02:21:27+00:00",
"generator": {
"date": "2026-05-15T02:21:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:2282",
"initial_release_date": "2023-05-09T10:01:45+00:00",
"revision_history": [
{
"date": "2023-05-09T10:01:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:01:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:21:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.src",
"product": {
"name": "podman-2:4.4.1-3.el9.src",
"product_id": "podman-2:4.4.1-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-2:4.4.1-3.el9.aarch64",
"product_id": "podman-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-gvproxy-2:4.4.1-3.el9.aarch64",
"product_id": "podman-gvproxy-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-plugins-2:4.4.1-3.el9.aarch64",
"product_id": "podman-plugins-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-remote-2:4.4.1-3.el9.aarch64",
"product_id": "podman-remote-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-tests-2:4.4.1-3.el9.aarch64",
"product_id": "podman-tests-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-debugsource-2:4.4.1-3.el9.aarch64",
"product_id": "podman-debugsource-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-debuginfo-2:4.4.1-3.el9.aarch64",
"product_id": "podman-debuginfo-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"product_id": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"product_id": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"product": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"product_id": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.4.1-3.el9?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-plugins-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-plugins-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-remote-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-remote-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-tests-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-tests-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-debugsource-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-debugsource-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"product": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_id": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.4.1-3.el9?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-2:4.4.1-3.el9.x86_64",
"product_id": "podman-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-gvproxy-2:4.4.1-3.el9.x86_64",
"product_id": "podman-gvproxy-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-plugins-2:4.4.1-3.el9.x86_64",
"product_id": "podman-plugins-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-remote-2:4.4.1-3.el9.x86_64",
"product_id": "podman-remote-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-tests-2:4.4.1-3.el9.x86_64",
"product_id": "podman-tests-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-debugsource-2:4.4.1-3.el9.x86_64",
"product_id": "podman-debugsource-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-debuginfo-2:4.4.1-3.el9.x86_64",
"product_id": "podman-debuginfo-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"product_id": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"product_id": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"product": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"product_id": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.4.1-3.el9?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-2:4.4.1-3.el9.s390x",
"product_id": "podman-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-gvproxy-2:4.4.1-3.el9.s390x",
"product_id": "podman-gvproxy-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-plugins-2:4.4.1-3.el9.s390x",
"product_id": "podman-plugins-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-remote-2:4.4.1-3.el9.s390x",
"product_id": "podman-remote-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-tests-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-tests-2:4.4.1-3.el9.s390x",
"product_id": "podman-tests-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-debugsource-2:4.4.1-3.el9.s390x",
"product_id": "podman-debugsource-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-debuginfo-2:4.4.1-3.el9.s390x",
"product_id": "podman-debuginfo-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"product_id": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-gvproxy-debuginfo@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"product_id": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"product": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"product_id": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.4.1-3.el9?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-2:4.4.1-3.el9.noarch",
"product": {
"name": "podman-docker-2:4.4.1-3.el9.noarch",
"product_id": "podman-docker-2:4.4.1-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@4.4.1-3.el9?arch=noarch\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src"
},
"product_reference": "podman-2:4.4.1-3.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-debuginfo-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-debuginfo-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-debuginfo-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-debugsource-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-debugsource-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-debugsource-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-debugsource-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-2:4.4.1-3.el9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch"
},
"product_reference": "podman-docker-2:4.4.1-3.el9.noarch",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-gvproxy-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-gvproxy-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-gvproxy-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-plugins-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-plugins-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-plugins-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-plugins-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-remote-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-remote-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-remote-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-remote-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.4.1-3.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64"
},
"product_reference": "podman-tests-2:4.4.1-3.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.4.1-3.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le"
},
"product_reference": "podman-tests-2:4.4.1-3.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.4.1-3.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x"
},
"product_reference": "podman-tests-2:4.4.1-3.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-2:4.4.1-3.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
},
"product_reference": "podman-tests-2:4.4.1-3.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:01:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2282"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:01:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2282"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.src",
"AppStream-9.2.0.GA:podman-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-debugsource-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-docker-2:4.4.1-3.el9.noarch",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-gvproxy-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-plugins-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-remote-debuginfo-2:4.4.1-3.el9.x86_64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.aarch64",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.ppc64le",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.s390x",
"AppStream-9.2.0.GA:podman-tests-2:4.4.1-3.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2283
Vulnerability from csaf_redhat - Published: 2023-05-09 10:01 - Updated: 2026-05-15 02:21
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient Entropy
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64 | — | | Vendor Fix |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2283",
"url": "https://access.redhat.com/errata/RHSA-2023:2283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "2182318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182318"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2283.json"
}
],
"title": "Red Hat Security Advisory: skopeo security and bug fix update",
"tracking": {
"current_release_date": "2026-05-15T02:21:33+00:00",
"generator": {
"date": "2026-05-15T02:21:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:2283",
"initial_release_date": "2023-05-09T10:01:47+00:00",
"revision_history": [
{
"date": "2023-05-09T10:01:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:01:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:21:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.src",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.src",
"product_id": "skopeo-2:1.11.2-0.1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.aarch64",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.aarch64",
"product_id": "skopeo-2:1.11.2-0.1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"product": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"product_id": "skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.11.2-0.1.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"product_id": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.11.2-0.1.el9?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"product_id": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.11.2-0.1.el9?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.ppc64le",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.ppc64le",
"product_id": "skopeo-2:1.11.2-0.1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"product": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"product_id": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.11.2-0.1.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"product_id": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.11.2-0.1.el9?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"product_id": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.11.2-0.1.el9?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.x86_64",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.x86_64",
"product_id": "skopeo-2:1.11.2-0.1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.11.2-0.1.el9.x86_64",
"product": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.x86_64",
"product_id": "skopeo-tests-2:1.11.2-0.1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.11.2-0.1.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"product_id": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.11.2-0.1.el9?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"product_id": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.11.2-0.1.el9?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.11.2-0.1.el9.s390x",
"product": {
"name": "skopeo-2:1.11.2-0.1.el9.s390x",
"product_id": "skopeo-2:1.11.2-0.1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.11.2-0.1.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.11.2-0.1.el9.s390x",
"product": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.s390x",
"product_id": "skopeo-tests-2:1.11.2-0.1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.11.2-0.1.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"product": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"product_id": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.11.2-0.1.el9?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"product_id": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.11.2-0.1.el9?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.11.2-0.1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64"
},
"product_reference": "skopeo-2:1.11.2-0.1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x"
},
"product_reference": "skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64"
},
"product_reference": "skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le"
},
"product_reference": "skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x"
},
"product_reference": "skopeo-tests-2:1.11.2-0.1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.11.2-0.1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
},
"product_reference": "skopeo-tests-2:1.11.2-0.1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:01:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2283"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:01:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2283"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.src",
"AppStream-9.2.0.GA:skopeo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debuginfo-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-debugsource-2:1.11.2-0.1.el9.x86_64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.aarch64",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.ppc64le",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.s390x",
"AppStream-9.2.0.GA:skopeo-tests-2:1.11.2-0.1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2357
Vulnerability from csaf_redhat - Published: 2023-05-09 10:03 - Updated: 2026-05-28 20:28
A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the invalid header.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
A flaw was found in the golang package, where requests forwarded by a reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request's form field is set after the reverse proxy's director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This could allow an attacker to impact availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic due to stack exhaustion. This can allow an attacker to impact availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
A flaw was found in golang. Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion, allowing an attacker to impact system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
A flaw was found in the net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | | Vendor Fix |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64 | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64 | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64 | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x | — | Vendor Fix / fix | |
| Unresolved product id: AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64 | — | Vendor Fix / fix | |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2357",
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "2139383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139383"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2357.json"
}
],
"title": "Red Hat Security Advisory: git-lfs security and bug fix update",
"tracking": {
"current_release_date": "2026-05-28T20:28:29+00:00",
"generator": {
"date": "2026-05-28T20:28:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:2357",
"initial_release_date": "2023-05-09T10:03:05+00:00",
"revision_history": [
{
"date": "2023-05-09T10:03:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T10:03:05+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:28:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-1.el9.src",
"product": {
"name": "git-lfs-0:3.2.0-1.el9.src",
"product_id": "git-lfs-0:3.2.0-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-1.el9.aarch64",
"product": {
"name": "git-lfs-0:3.2.0-1.el9.aarch64",
"product_id": "git-lfs-0:3.2.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"product": {
"name": "git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"product_id": "git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"product": {
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"product_id": "git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-1.el9.ppc64le",
"product": {
"name": "git-lfs-0:3.2.0-1.el9.ppc64le",
"product_id": "git-lfs-0:3.2.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"product": {
"name": "git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"product_id": "git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"product": {
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"product_id": "git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-1.el9.x86_64",
"product": {
"name": "git-lfs-0:3.2.0-1.el9.x86_64",
"product_id": "git-lfs-0:3.2.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.2.0-1.el9.x86_64",
"product": {
"name": "git-lfs-debugsource-0:3.2.0-1.el9.x86_64",
"product_id": "git-lfs-debugsource-0:3.2.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"product": {
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"product_id": "git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.2.0-1.el9.s390x",
"product": {
"name": "git-lfs-0:3.2.0-1.el9.s390x",
"product_id": "git-lfs-0:3.2.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.2.0-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"product": {
"name": "git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"product_id": "git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.2.0-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"product": {
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"product_id": "git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.2.0-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64"
},
"product_reference": "git-lfs-0:3.2.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le"
},
"product_reference": "git-lfs-0:3.2.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x"
},
"product_reference": "git-lfs-0:3.2.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src"
},
"product_reference": "git-lfs-0:3.2.0-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.2.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64"
},
"product_reference": "git-lfs-0:3.2.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64"
},
"product_reference": "git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le"
},
"product_reference": "git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x"
},
"product_reference": "git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.2.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64"
},
"product_reference": "git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.2.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64"
},
"product_reference": "git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.2.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le"
},
"product_reference": "git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.2.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x"
},
"product_reference": "git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.2.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
},
"product_reference": "git-lfs-debugsource-0:3.2.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Daniel Abeles"
],
"organization": "Head of Research, Oxeye"
},
{
"names": [
"Gal Goldstein"
],
"organization": "Security Researcher, Oxeye"
}
],
"cve": "CVE-2022-2880",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132868"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s form field is set after the reverse proxy. The director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2880"
},
{
"category": "external",
"summary": "RHBZ#2132868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/54663",
"url": "https://github.com/golang/go/issues/54663"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters"
},
{
"cve": "CVE-2022-27664",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2124669"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: handle server errors after sending GOAWAY",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "RHBZ#2124669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
},
{
"category": "external",
"summary": "https://go.dev/issue/54658",
"url": "https://go.dev/issue/54658"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
}
],
"release_date": "2022-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: handle server errors after sending GOAWAY"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitrary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability. The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GobDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Adam Korczynski"
],
"organization": "ADA Logics"
},
{
"names": [
"OSS-Fuzz"
]
}
],
"cve": "CVE-2022-41715",
"discovery_date": "2022-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2132872"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp/syntax: limit memory used by parsing regexps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41715"
},
{
"category": "external",
"summary": "RHBZ#2132872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/55949",
"url": "https://github.com/golang/go/issues/55949"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1",
"url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1"
}
],
"release_date": "2022-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp/syntax: limit memory used by parsing regexps"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T10:03:05+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.src",
"AppStream-9.2.0.GA:git-lfs-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debuginfo-0:3.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:git-lfs-debugsource-0:3.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2367
Vulnerability from csaf_redhat - Published: 2023-05-09 09:50 - Updated: 2026-05-15 02:21
A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.
CWE-331 - Insufficient Entropy
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64 | — | | Vendor Fix (fix) |
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64 | — | | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. \n\nSecurity Fix(es):\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2367",
"url": "https://access.redhat.com/errata/RHSA-2023:2367"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2129076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129076"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2367.json"
}
],
"title": "Red Hat Security Advisory: containernetworking-plugins security and bug fix update",
"tracking": {
"current_release_date": "2026-05-15T02:21:29+00:00",
"generator": {
"date": "2026-05-15T02:21:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:2367",
"initial_release_date": "2023-05-09T09:50:34+00:00",
"revision_history": [
{
"date": "2023-05-09T09:50:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-09T09:50:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-15T02:21:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.2.0-1.el9.src",
"product": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.src",
"product_id": "containernetworking-plugins-1:1.2.0-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.2.0-1.el9?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"product": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"product_id": "containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.2.0-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"product_id": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.2.0-1.el9?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"product_id": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.2.0-1.el9?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"product": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"product_id": "containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.2.0-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"product_id": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.2.0-1.el9?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"product_id": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.2.0-1.el9?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"product": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"product_id": "containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.2.0-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64",
"product_id": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.2.0-1.el9?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"product_id": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.2.0-1.el9?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.2.0-1.el9.s390x",
"product": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.s390x",
"product_id": "containernetworking-plugins-1:1.2.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.2.0-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"product_id": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.2.0-1.el9?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"product_id": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.2.0-1.el9?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64"
},
"product_reference": "containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le"
},
"product_reference": "containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x"
},
"product_reference": "containernetworking-plugins-1:1.2.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src"
},
"product_reference": "containernetworking-plugins-1:1.2.0-1.el9.src",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.2.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64"
},
"product_reference": "containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.2.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:50:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-09T09:50:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.src",
"AppStream-9.2.0.GA:containernetworking-plugins-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debuginfo-1:1.2.0-1.el9.x86_64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.aarch64",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.ppc64le",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.s390x",
"AppStream-9.2.0.GA:containernetworking-plugins-debugsource-1:1.2.0-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:2728
Vulnerability from csaf_redhat - Published: 2023-05-10 18:57 - Updated: 2026-04-30 13:12
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat OpenShift Distributed Tracing 2.8 container images are now\navailable.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat OpenShift Distributed Tracing 2.8 container images have been updated. CVE-2022-41717 was fixed as part of this release.\n\nUsers of Red Hat OpenShift Distributed Tracing 2.8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs, and add these enhancements.\n\nTempo Operator added as Tech Preview.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see\nReferences).\n\nSecurity Fix(es):\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:2728",
"url": "https://access.redhat.com/errata/RHSA-2023:2728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/containers",
"url": "https://access.redhat.com/containers"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2728.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Distributed Tracing 2.8.0 security update",
"tracking": {
"current_release_date": "2026-04-30T13:12:39+00:00",
"generator": {
"date": "2026-04-30T13:12:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:2728",
"initial_release_date": "2023-05-10T18:57:18+00:00",
"revision_history": [
{
"date": "2023-05-10T18:57:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-10T18:57:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:12:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 2.8",
"product": {
"name": "Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.42.0-4"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.74.0-4"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.74.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64",
"product_id": "rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.0.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=0.1.2-7"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.1.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64",
"product_id": "rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.1.0-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.42.0-4"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.74.0-4"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.74.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x",
"product_id": "rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.0.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=0.1.2-7"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.1.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x",
"product_id": "rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.1.0-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le",
"product": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le",
"product_id": "rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-agent-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le",
"product": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le",
"product_id": "rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8\u0026tag=1.42.0-4"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le",
"product": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le",
"product_id": "rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-collector-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le",
"product_id": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le",
"product": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le",
"product_id": "rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le",
"product": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le",
"product_id": "rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-ingester-rhel8\u0026tag=1.42.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le",
"product": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le",
"product_id": "rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-rhel8-operator\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le",
"product": {
"name": "rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le",
"product_id": "rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/jaeger-query-rhel8\u0026tag=1.42.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le",
"product_id": "rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-collector-rhel8\u0026tag=0.74.0-4"
}
}
},
{
"category": "product_version",
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le",
"product": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le",
"product_id": "rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/opentelemetry-rhel8-operator\u0026tag=0.74.0-5"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le",
"product_id": "rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8\u0026tag=2.0.1-12"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le",
"product": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le",
"product_id": "rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-gateway-rhel8\u0026tag=0.1.2-7"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le",
"product": {
"name": "rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le",
"product_id": "rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-rhel8-operator\u0026tag=0.1.0-6"
}
}
},
{
"category": "product_version",
"name": "rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le",
"product": {
"name": "rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le",
"product_id": "rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt/tempo-query-rhel8\u0026tag=0.1.0-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x"
},
"product_reference": "rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64"
},
"product_reference": "rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le"
},
"product_reference": "rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le"
},
"product_reference": "rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64"
},
"product_reference": "rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64"
},
"product_reference": "rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le"
},
"product_reference": "rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le"
},
"product_reference": "rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le"
},
"product_reference": "rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64"
},
"product_reference": "rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64"
},
"product_reference": "rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64 as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le as a component of Red Hat OpenShift distributed tracing 2.8",
"product_id": "8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le"
},
"product_reference": "rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le",
"relates_to_product_reference": "8Base-RHOSDT-2.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-10T18:57:18+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade. Only those\nRPMs which are currently installed will be updated. Those RPMs which are\nnot installed but included in the list will not be updated. Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network. Many\npeople find this an easier way to apply updates. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:2728"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:8a43f264074ee58981c8a80becceb4fca6488a641882b56ac19c11b19a8107e2_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:b689645b06be8513d1960c4431ada2f7615d72cdc5df43adac38bd161b266a25_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-agent-rhel8@sha256:c328aa56ba47b44064ef4bdb049078845fcd69604ce4a999817804781a5f0149_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:0b20755ee5537736b1fe1371bd0052a48cafe921c49019bb9b370ec2973fa08d_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:251e1a11abbb91bf0316c27242cc5f965f276dfecb388c19f9dfd93bc894622b_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-all-in-one-rhel8@sha256:e4bb5f4ec8077fd88d504bbdf9dc776011ec4bb459a6f8716c26ab0e62cbf70e_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:1bd71465d819d4698e6f22f22c2b85b582602197aa7ce200ed8359cc5eb5651c_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:b8f0ecc3f3f5e6ef95795b5d6e4c1101ac262798bc7f98d88a4d72c9bb8df2de_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-collector-rhel8@sha256:ff04f6b0953c885bac0b58c0373eef52cc667901df03ecf40568c30132d46f31_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:1ad7cb4a53bba1ce64294865f2ea98bea7e12abc8b2ce3fb929b4ac6c7a9e534_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2faac03b2c880856c059d1eba1ec41d464115a2ad26fa1fac53de5aebcae91e5_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-index-cleaner-rhel8@sha256:98fe80fbd583a0f52d96045196806fdc4564ec3dd6baf06ab5d2e69bd4e78c3b_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:0bfe941f7a7af8f9d7aebeb7705837c3aa5858f6b282c511659d82bb71b466b1_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:75b3492d01d93b5f14dd8b8cae913f4c9a379cde9738b16b653f17065f461004_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-es-rollover-rhel8@sha256:8936533e85752a84a10dde80dd637bd362af950a5b71b4d89929e704cc22cbd2_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:1374bd615cd61d87b6d2a0fe2a41d40cfb6ff88cd652bcb1cdeedea7bc222394_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:496ff69d2598e54e2ca83e6c2ea10d471ad152711423932b28c70dc7265a99e8_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-ingester-rhel8@sha256:8713a0e37285d6e5c7133221c07dcf4012d832bd47bf6657829fbfa4add1d049_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:0fb36c45aeaf6ce09946a3bc90637a1d9a118f3d86c950105a916263de49501e_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:104db728c93ca8fd7a3abd8889e6a0d1ec4db34ea6e2d4350dba029651adeb17_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-query-rhel8@sha256:c6cb58f3440abb96c0ad5d3837131836cd8cd0b0e30582bf6fecdd2ec7f23fb5_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:21ba897b333be9d40a02d4ea2c89af013331b3c06fbb86c5a9759f61039086f9_s390x",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:45aa2c351ee0e9cc8bbcb2cdedd6e673f3196464529a44be6ec74cc150eb6751_amd64",
"8Base-RHOSDT-2.8:rhosdt/jaeger-rhel8-operator@sha256:69b565bd59f81777c857981508eaa4a177a8d1a0ffb96507758cde425681e36e_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:00416535e7d8201734bf0f7d7f3279c064eb1311b8d64b89784622a05bc65244_amd64",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:b7873e3eb7d40a27c638644474e04ddc364b77ec1ad1399e35da38fce22fc0b6_s390x",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-collector-rhel8@sha256:db9c1a9684e33ddb8f4967f6d2ecd5c2969d1fd358ee9f7de2d991d2e6653936_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:2d81f81659c6d9f4aa3ebeacf60f13ccd3365772114ab5df9bc099f7ea2ec033_amd64",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:8e34697b56eae5a94f96d20195aeb9310c42b8ab608e1afdab2f680d2fc391ad_s390x",
"8Base-RHOSDT-2.8:rhosdt/opentelemetry-rhel8-operator@sha256:983a171835f9ab509e96c79f7e2a6b0baaf253aa83abb328a3a0a6af25a34499_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:1c8422e6085eb89fa74067651714d19f76c1eed5af90a339268cc699755eb68b_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:5750eddfc102b827318e8a916ba96d0c07dc0ff57aee73b63f1b8ff430865e6b_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-gateway-rhel8@sha256:60245023f0b9f00afeb40c130cef36f2efa63d5c6416eee69d1523cae7addb45_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:30d4f50afa01afd9e21a6fb36fff2a4d6ded4d354a06745d92b6d08cd6f995c2_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:982bf7bd95a2fbfef36ec5aa70fdb6812f973dd23ebb525b3c017b03cdc8a15a_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-query-rhel8@sha256:fd1ae22f59b180cf0ea59df3e405d98e252305efd98ff0e1fc15bdda19c18c28_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:79472b5856d5aec5b5d321f95297ed7e7c4a46c82b2a894b638911da428312b4_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:7a9e324e998eec2a60300b21a2bba25bfef6403177163d3925cf9167d9bc8fe8_ppc64le",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8-operator@sha256:f4835973248c4cc72ec1fcf6a2bfed9903bd857cfc56df123a6ab6a331a5522f_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:0dbdf5051a2b1ba9fb0ee210e2713ed9f3d39e9c159395b8e179012b67f9bc6c_s390x",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:9e2192e6d95248c549045c6bb147d185969abe85f27c27dfa8e1dc5417b1749e_amd64",
"8Base-RHOSDT-2.8:rhosdt/tempo-rhel8@sha256:d8ecbfeeba3a8d0f4b32d6e35e3c21685f62aaec5be63c039f2e85964ab03052_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.