Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-22871 (GCVE-0-2025-22871)
Vulnerability from cvelistv5 – Published: 2025-04-08 20:04 – Updated: 2026-05-12 12:04
VLAI
EPSS
Title
Request smuggling due to acceptance of invalid chunked data in net/http
Summary
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http/internal |
Affected:
0 , < 1.23.8
(semver)
Affected: 1.24.0-0 , < 1.24.2 (semver) |
|
| Siemens | SENTRON 7KT PAC1261 Data Manager |
Affected:
0 , < V2.1.0
(custom)
|
Credits
Jeppe Bonde Weikop
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-08T21:03:21.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/04/04/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T14:57:03.151639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T14:57:31.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SENTRON 7KT PAC1261 Data Manager",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:04:11.015Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-783943.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http/internal",
"product": "net/http/internal",
"programRoutines": [
{
"name": "readChunkLine"
},
{
"name": "chunkedReader.Read"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.23.8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.24.2",
"status": "affected",
"version": "1.24.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jeppe Bonde Weikop"
}
],
"descriptions": [
{
"lang": "en",
"value": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:04:34.769Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/652998"
},
{
"url": "https://go.dev/issue/71988"
},
{
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"title": "Request smuggling due to acceptance of invalid chunked data in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-22871",
"datePublished": "2025-04-08T20:04:34.769Z",
"dateReserved": "2025-01-08T19:11:42.834Z",
"dateUpdated": "2026-05-12T12:04:11.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-22871",
"date": "2026-06-05",
"epss": "0.00294",
"percentile": "0.5301"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-22871\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-04-08T20:15:20.183\",\"lastModified\":\"2026-05-12T13:16:39.897\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.\"},{\"lang\":\"es\",\"value\":\"El paquete net/http acepta incorrectamente un LF simple como terminador de l\u00ednea en l\u00edneas de datos fragmentados. Esto puede permitir el contrabando de solicitudes si se utiliza un servidor net/http junto con un servidor que acepta incorrectamente un LF simple como parte de una extensi\u00f3n fragmentada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"references\":[{\"url\":\"https://go.dev/cl/652998\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/71988\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-3563\",\"source\":\"security@golang.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/04/04/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-783943.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/04/4\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-04-08T21:03:21.913Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SENTRON 7KT PAC1261 Data Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-783943.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T12:04:11.015Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22871\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-18T14:57:03.151639Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-18T14:57:25.000Z\"}}], \"cna\": {\"title\": \"Request smuggling due to acceptance of invalid chunked data in net/http\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jeppe Bonde Weikop\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"net/http/internal\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.23.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.24.0-0\", \"lessThan\": \"1.24.2\", \"versionType\": \"semver\"}], \"packageName\": \"net/http/internal\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"readChunkLine\"}, {\"name\": \"chunkedReader.Read\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/652998\"}, {\"url\": \"https://go.dev/issue/71988\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-3563\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-04-08T20:04:34.769Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-22871\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-12T12:04:11.015Z\", \"dateReserved\": \"2025-01-08T19:11:42.834Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-04-08T20:04:34.769Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:8478
Vulnerability from csaf_redhat - Published: 2025-06-04 00:45 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: go-toolset:rhel8 security update
Severity
Moderate
Notes
Topic: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8478",
"url": "https://access.redhat.com/errata/RHSA-2025:8478"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "RHEL-94636",
"url": "https://issues.redhat.com/browse/RHEL-94636"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8478.json"
}
],
"title": "Red Hat Security Advisory: go-toolset:rhel8 security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:38+00:00",
"generator": {
"date": "2026-05-28T20:49:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8478",
"initial_release_date": "2025-06-04T00:45:24+00:00",
"revision_history": [
{
"date": "2025-06-04T00:45:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-04T00:45:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src (go-toolset:rhel8)",
"product_id": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"product": {
"name": "golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch (go-toolset:rhel8)",
"product_id": "golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"product": {
"name": "golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch (go-toolset:rhel8)",
"product_id": "golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"product": {
"name": "golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch (go-toolset:rhel8)",
"product_id": "golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"product": {
"name": "golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch (go-toolset:rhel8)",
"product_id": "golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64 (go-toolset:rhel8)",
"product_id": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le (go-toolset:rhel8)",
"product_id": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64 (go-toolset:rhel8)",
"product_id": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x (go-toolset:rhel8)",
"product_id": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.9-1.module%2Bel8.10.0%2B23162%2B9223a61a?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250602163653:a3795dee"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8"
},
"product_reference": "golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8"
},
"product_reference": "golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8"
},
"product_reference": "golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8"
},
"product_reference": "golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-04T00:45:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8478"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.9-1.module+el8.10.0+23162+9223a61a.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.9-1.module+el8.10.0+23162+9223a61a.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8539
Vulnerability from csaf_redhat - Published: 2025-06-04 18:10 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: containernetworking-plugins security update
Severity
Moderate
Notes
Topic: An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. \n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8539",
"url": "https://access.redhat.com/errata/RHSA-2025:8539"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8539.json"
}
],
"title": "Red Hat Security Advisory: containernetworking-plugins security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:40+00:00",
"generator": {
"date": "2026-05-28T20:49:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8539",
"initial_release_date": "2025-06-04T18:10:26+00:00",
"revision_history": [
{
"date": "2025-06-04T18:10:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-04T18:10:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.src",
"product": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.src",
"product_id": "containernetworking-plugins-1:1.4.0-6.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-6.el9_4.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64",
"product": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64",
"product_id": "containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-6.el9_4.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-6.el9_4.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-6.el9_4.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le",
"product": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le",
"product_id": "containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-6.el9_4.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-6.el9_4.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-6.el9_4.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64",
"product": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64",
"product_id": "containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-6.el9_4.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-6.el9_4.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-6.el9_4.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x",
"product": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x",
"product_id": "containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins@1.4.0-6.el9_4.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x",
"product": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x",
"product_id": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debugsource@1.4.0-6.el9_4.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x",
"product": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x",
"product_id": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/containernetworking-plugins-debuginfo@1.4.0-6.el9_4.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64"
},
"product_reference": "containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le"
},
"product_reference": "containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x"
},
"product_reference": "containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.src"
},
"product_reference": "containernetworking-plugins-1:1.4.0-6.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64"
},
"product_reference": "containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64"
},
"product_reference": "containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64"
},
"product_reference": "containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-04T18:10:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8539"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-1:1.4.0-6.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debuginfo-1:1.4.0-6.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:containernetworking-plugins-debugsource-1:1.4.0-6.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8601
Vulnerability from csaf_redhat - Published: 2025-06-05 18:28 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: gvisor-tap-vsock security update
Severity
Moderate
Notes
Topic: An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.\n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8601",
"url": "https://access.redhat.com/errata/RHSA-2025:8601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8601.json"
}
],
"title": "Red Hat Security Advisory: gvisor-tap-vsock security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:40+00:00",
"generator": {
"date": "2026-05-28T20:49:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8601",
"initial_release_date": "2025-06-05T18:28:55+00:00",
"revision_history": [
{
"date": "2025-06-05T18:28:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-05T18:28:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src",
"product": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src",
"product_id": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock@0.7.3-5.el9_4.2?arch=src\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64",
"product": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64",
"product_id": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock@0.7.3-5.el9_4.2?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64",
"product": {
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64",
"product_id": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock-debugsource@0.7.3-5.el9_4.2?arch=aarch64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64",
"product": {
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64",
"product_id": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock-debuginfo@0.7.3-5.el9_4.2?arch=aarch64\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le",
"product": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le",
"product_id": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock@0.7.3-5.el9_4.2?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le",
"product": {
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le",
"product_id": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock-debugsource@0.7.3-5.el9_4.2?arch=ppc64le\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le",
"product": {
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le",
"product_id": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock-debuginfo@0.7.3-5.el9_4.2?arch=ppc64le\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64",
"product": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64",
"product_id": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock@0.7.3-5.el9_4.2?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64",
"product": {
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64",
"product_id": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock-debugsource@0.7.3-5.el9_4.2?arch=x86_64\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64",
"product": {
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64",
"product_id": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock-debuginfo@0.7.3-5.el9_4.2?arch=x86_64\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x",
"product": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x",
"product_id": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock@0.7.3-5.el9_4.2?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x",
"product": {
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x",
"product_id": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock-debugsource@0.7.3-5.el9_4.2?arch=s390x\u0026epoch=6"
}
}
},
{
"category": "product_version",
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x",
"product": {
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x",
"product_id": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/gvisor-tap-vsock-debuginfo@0.7.3-5.el9_4.2?arch=s390x\u0026epoch=6"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64"
},
"product_reference": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le"
},
"product_reference": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x"
},
"product_reference": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src"
},
"product_reference": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64"
},
"product_reference": "gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64"
},
"product_reference": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le"
},
"product_reference": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x"
},
"product_reference": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64"
},
"product_reference": "gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64"
},
"product_reference": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le"
},
"product_reference": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x"
},
"product_reference": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64"
},
"product_reference": "gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-05T18:28:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8601"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.src",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-6:0.7.3-5.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debuginfo-6:0.7.3-5.el9_4.2.x86_64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.aarch64",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.ppc64le",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.s390x",
"AppStream-9.4.0.Z.EUS:gvisor-tap-vsock-debugsource-6:0.7.3-5.el9_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8632
Vulnerability from csaf_redhat - Published: 2025-06-09 02:29 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: buildah security update
Severity
Moderate
Notes
Topic: An update for buildah is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for buildah is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8632",
"url": "https://access.redhat.com/errata/RHSA-2025:8632"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8632.json"
}
],
"title": "Red Hat Security Advisory: buildah security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:40+00:00",
"generator": {
"date": "2026-05-28T20:49:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8632",
"initial_release_date": "2025-06-09T02:29:48+00:00",
"revision_history": [
{
"date": "2025-06-09T02:29:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-09T02:29:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.12-2.el9_4.1.src",
"product": {
"name": "buildah-2:1.33.12-2.el9_4.1.src",
"product_id": "buildah-2:1.33.12-2.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.12-2.el9_4.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.12-2.el9_4.1.aarch64",
"product": {
"name": "buildah-2:1.33.12-2.el9_4.1.aarch64",
"product_id": "buildah-2:1.33.12-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.12-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.33.12-2.el9_4.1.aarch64",
"product": {
"name": "buildah-tests-2:1.33.12-2.el9_4.1.aarch64",
"product_id": "buildah-tests-2:1.33.12-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.33.12-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64",
"product": {
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64",
"product_id": "buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.33.12-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"product": {
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"product_id": "buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.33.12-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"product": {
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"product_id": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.33.12-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.12-2.el9_4.1.ppc64le",
"product": {
"name": "buildah-2:1.33.12-2.el9_4.1.ppc64le",
"product_id": "buildah-2:1.33.12-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.12-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.33.12-2.el9_4.1.ppc64le",
"product": {
"name": "buildah-tests-2:1.33.12-2.el9_4.1.ppc64le",
"product_id": "buildah-tests-2:1.33.12-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.33.12-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le",
"product": {
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le",
"product_id": "buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.33.12-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"product": {
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"product_id": "buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.33.12-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"product": {
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"product_id": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.33.12-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.12-2.el9_4.1.x86_64",
"product": {
"name": "buildah-2:1.33.12-2.el9_4.1.x86_64",
"product_id": "buildah-2:1.33.12-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.12-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.33.12-2.el9_4.1.x86_64",
"product": {
"name": "buildah-tests-2:1.33.12-2.el9_4.1.x86_64",
"product_id": "buildah-tests-2:1.33.12-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.33.12-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64",
"product": {
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64",
"product_id": "buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.33.12-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"product": {
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"product_id": "buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.33.12-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"product": {
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"product_id": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.33.12-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-2:1.33.12-2.el9_4.1.s390x",
"product": {
"name": "buildah-2:1.33.12-2.el9_4.1.s390x",
"product_id": "buildah-2:1.33.12-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah@1.33.12-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-2:1.33.12-2.el9_4.1.s390x",
"product": {
"name": "buildah-tests-2:1.33.12-2.el9_4.1.s390x",
"product_id": "buildah-tests-2:1.33.12-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests@1.33.12-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.s390x",
"product": {
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.s390x",
"product_id": "buildah-debugsource-2:1.33.12-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debugsource@1.33.12-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"product": {
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"product_id": "buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-debuginfo@1.33.12-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"product": {
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"product_id": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/buildah-tests-debuginfo@1.33.12-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.12-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.aarch64"
},
"product_reference": "buildah-2:1.33.12-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.12-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.ppc64le"
},
"product_reference": "buildah-2:1.33.12-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.12-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.s390x"
},
"product_reference": "buildah-2:1.33.12-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.12-2.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.src"
},
"product_reference": "buildah-2:1.33.12-2.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-2:1.33.12-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.x86_64"
},
"product_reference": "buildah-2:1.33.12-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64"
},
"product_reference": "buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le"
},
"product_reference": "buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x"
},
"product_reference": "buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64"
},
"product_reference": "buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64"
},
"product_reference": "buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le"
},
"product_reference": "buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.s390x"
},
"product_reference": "buildah-debugsource-2:1.33.12-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64"
},
"product_reference": "buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.33.12-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.aarch64"
},
"product_reference": "buildah-tests-2:1.33.12-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.33.12-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.ppc64le"
},
"product_reference": "buildah-tests-2:1.33.12-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.33.12-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.s390x"
},
"product_reference": "buildah-tests-2:1.33.12-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-2:1.33.12-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.x86_64"
},
"product_reference": "buildah-tests-2:1.33.12-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64"
},
"product_reference": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le"
},
"product_reference": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x"
},
"product_reference": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64"
},
"product_reference": "buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T02:29:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8632"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:buildah-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debuginfo-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-debugsource-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-2:1.33.12-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:buildah-tests-debuginfo-2:1.33.12-2.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8633
Vulnerability from csaf_redhat - Published: 2025-06-09 02:20 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: skopeo security update
Severity
Moderate
Notes
Topic: An update for skopeo is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for skopeo is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. \n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8633",
"url": "https://access.redhat.com/errata/RHSA-2025:8633"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8633.json"
}
],
"title": "Red Hat Security Advisory: skopeo security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:40+00:00",
"generator": {
"date": "2026-05-28T20:49:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8633",
"initial_release_date": "2025-06-09T02:20:33+00:00",
"revision_history": [
{
"date": "2025-06-09T02:20:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-09T02:20:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.1.src",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.1.src",
"product_id": "skopeo-2:1.14.5-2.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.1.aarch64",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.1.aarch64",
"product_id": "skopeo-2:1.14.5-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.aarch64",
"product": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.aarch64",
"product_id": "skopeo-tests-2:1.14.5-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.14.5-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64",
"product": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64",
"product_id": "skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.14.5-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64",
"product": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64",
"product_id": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.14.5-2.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.1.ppc64le",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.1.ppc64le",
"product_id": "skopeo-2:1.14.5-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le",
"product": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le",
"product_id": "skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.14.5-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le",
"product": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le",
"product_id": "skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.14.5-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le",
"product": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le",
"product_id": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.14.5-2.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.1.x86_64",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.1.x86_64",
"product_id": "skopeo-2:1.14.5-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.x86_64",
"product": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.x86_64",
"product_id": "skopeo-tests-2:1.14.5-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.14.5-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64",
"product": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64",
"product_id": "skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.14.5-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64",
"product": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64",
"product_id": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.14.5-2.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-2:1.14.5-2.el9_4.1.s390x",
"product": {
"name": "skopeo-2:1.14.5-2.el9_4.1.s390x",
"product_id": "skopeo-2:1.14.5-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo@1.14.5-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.s390x",
"product": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.s390x",
"product_id": "skopeo-tests-2:1.14.5-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-tests@1.14.5-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x",
"product": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x",
"product_id": "skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debugsource@1.14.5-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x",
"product": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x",
"product_id": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/skopeo-debuginfo@1.14.5-2.el9_4.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.aarch64"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.ppc64le"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.s390x"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.src"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-2:1.14.5-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.x86_64"
},
"product_reference": "skopeo-2:1.14.5-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64"
},
"product_reference": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le"
},
"product_reference": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x"
},
"product_reference": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64"
},
"product_reference": "skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64"
},
"product_reference": "skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le"
},
"product_reference": "skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x"
},
"product_reference": "skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64"
},
"product_reference": "skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.aarch64"
},
"product_reference": "skopeo-tests-2:1.14.5-2.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le"
},
"product_reference": "skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.s390x"
},
"product_reference": "skopeo-tests-2:1.14.5-2.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-tests-2:1.14.5-2.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.x86_64"
},
"product_reference": "skopeo-tests-2:1.14.5-2.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T02:20:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8633"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:skopeo-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debuginfo-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-debugsource-2:1.14.5-2.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:skopeo-tests-2:1.14.5-2.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8634
Vulnerability from csaf_redhat - Published: 2025-06-09 03:29 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: podman security update
Severity
Moderate
Notes
Topic: An update for podman is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
34 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-18.el9_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for podman is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8634",
"url": "https://access.redhat.com/errata/RHSA-2025:8634"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8634.json"
}
],
"title": "Red Hat Security Advisory: podman security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:41+00:00",
"generator": {
"date": "2026-05-28T20:49:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8634",
"initial_release_date": "2025-06-09T03:29:53+00:00",
"revision_history": [
{
"date": "2025-06-09T03:29:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-09T03:29:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-18.el9_4.1.src",
"product": {
"name": "podman-4:4.9.4-18.el9_4.1.src",
"product_id": "podman-4:4.9.4-18.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-18.el9_4.1?arch=src\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-18.el9_4.1.aarch64",
"product": {
"name": "podman-4:4.9.4-18.el9_4.1.aarch64",
"product_id": "podman-4:4.9.4-18.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-18.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-4:4.9.4-18.el9_4.1.aarch64",
"product": {
"name": "podman-plugins-4:4.9.4-18.el9_4.1.aarch64",
"product_id": "podman-plugins-4:4.9.4-18.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.9.4-18.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-4:4.9.4-18.el9_4.1.aarch64",
"product": {
"name": "podman-remote-4:4.9.4-18.el9_4.1.aarch64",
"product_id": "podman-remote-4:4.9.4-18.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.9.4-18.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-tests-4:4.9.4-18.el9_4.1.aarch64",
"product": {
"name": "podman-tests-4:4.9.4-18.el9_4.1.aarch64",
"product_id": "podman-tests-4:4.9.4-18.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.9.4-18.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.aarch64",
"product": {
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.aarch64",
"product_id": "podman-debugsource-4:4.9.4-18.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.9.4-18.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product": {
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product_id": "podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.9.4-18.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product": {
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product_id": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.9.4-18.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product": {
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product_id": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.9.4-18.el9_4.1?arch=aarch64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-18.el9_4.1.ppc64le",
"product": {
"name": "podman-4:4.9.4-18.el9_4.1.ppc64le",
"product_id": "podman-4:4.9.4-18.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-18.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-4:4.9.4-18.el9_4.1.ppc64le",
"product": {
"name": "podman-plugins-4:4.9.4-18.el9_4.1.ppc64le",
"product_id": "podman-plugins-4:4.9.4-18.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.9.4-18.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-4:4.9.4-18.el9_4.1.ppc64le",
"product": {
"name": "podman-remote-4:4.9.4-18.el9_4.1.ppc64le",
"product_id": "podman-remote-4:4.9.4-18.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.9.4-18.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-tests-4:4.9.4-18.el9_4.1.ppc64le",
"product": {
"name": "podman-tests-4:4.9.4-18.el9_4.1.ppc64le",
"product_id": "podman-tests-4:4.9.4-18.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.9.4-18.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le",
"product": {
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le",
"product_id": "podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.9.4-18.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product": {
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product_id": "podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.9.4-18.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product": {
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product_id": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.9.4-18.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product": {
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product_id": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.9.4-18.el9_4.1?arch=ppc64le\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-18.el9_4.1.x86_64",
"product": {
"name": "podman-4:4.9.4-18.el9_4.1.x86_64",
"product_id": "podman-4:4.9.4-18.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-18.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-4:4.9.4-18.el9_4.1.x86_64",
"product": {
"name": "podman-plugins-4:4.9.4-18.el9_4.1.x86_64",
"product_id": "podman-plugins-4:4.9.4-18.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.9.4-18.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-4:4.9.4-18.el9_4.1.x86_64",
"product": {
"name": "podman-remote-4:4.9.4-18.el9_4.1.x86_64",
"product_id": "podman-remote-4:4.9.4-18.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.9.4-18.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-tests-4:4.9.4-18.el9_4.1.x86_64",
"product": {
"name": "podman-tests-4:4.9.4-18.el9_4.1.x86_64",
"product_id": "podman-tests-4:4.9.4-18.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.9.4-18.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.x86_64",
"product": {
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.x86_64",
"product_id": "podman-debugsource-4:4.9.4-18.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.9.4-18.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product": {
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product_id": "podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.9.4-18.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product": {
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product_id": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.9.4-18.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product": {
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product_id": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.9.4-18.el9_4.1?arch=x86_64\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4:4.9.4-18.el9_4.1.s390x",
"product": {
"name": "podman-4:4.9.4-18.el9_4.1.s390x",
"product_id": "podman-4:4.9.4-18.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman@4.9.4-18.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-4:4.9.4-18.el9_4.1.s390x",
"product": {
"name": "podman-plugins-4:4.9.4-18.el9_4.1.s390x",
"product_id": "podman-plugins-4:4.9.4-18.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins@4.9.4-18.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-4:4.9.4-18.el9_4.1.s390x",
"product": {
"name": "podman-remote-4:4.9.4-18.el9_4.1.s390x",
"product_id": "podman-remote-4:4.9.4-18.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote@4.9.4-18.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-tests-4:4.9.4-18.el9_4.1.s390x",
"product": {
"name": "podman-tests-4:4.9.4-18.el9_4.1.s390x",
"product_id": "podman-tests-4:4.9.4-18.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-tests@4.9.4-18.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.s390x",
"product": {
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.s390x",
"product_id": "podman-debugsource-4:4.9.4-18.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debugsource@4.9.4-18.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product": {
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product_id": "podman-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-debuginfo@4.9.4-18.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product": {
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product_id": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-plugins-debuginfo@4.9.4-18.el9_4.1?arch=s390x\u0026epoch=4"
}
}
},
{
"category": "product_version",
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product": {
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product_id": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-remote-debuginfo@4.9.4-18.el9_4.1?arch=s390x\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-4:4.9.4-18.el9_4.1.noarch",
"product": {
"name": "podman-docker-4:4.9.4-18.el9_4.1.noarch",
"product_id": "podman-docker-4:4.9.4-18.el9_4.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/podman-docker@4.9.4-18.el9_4.1?arch=noarch\u0026epoch=4"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-18.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.aarch64"
},
"product_reference": "podman-4:4.9.4-18.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-18.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.ppc64le"
},
"product_reference": "podman-4:4.9.4-18.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-18.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.s390x"
},
"product_reference": "podman-4:4.9.4-18.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-18.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.src"
},
"product_reference": "podman-4:4.9.4-18.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4:4.9.4-18.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.x86_64"
},
"product_reference": "podman-4:4.9.4-18.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64"
},
"product_reference": "podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le"
},
"product_reference": "podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.s390x"
},
"product_reference": "podman-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64"
},
"product_reference": "podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.aarch64"
},
"product_reference": "podman-debugsource-4:4.9.4-18.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le"
},
"product_reference": "podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.s390x"
},
"product_reference": "podman-debugsource-4:4.9.4-18.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-debugsource-4:4.9.4-18.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.x86_64"
},
"product_reference": "podman-debugsource-4:4.9.4-18.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4:4.9.4-18.el9_4.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-18.el9_4.1.noarch"
},
"product_reference": "podman-docker-4:4.9.4-18.el9_4.1.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-4:4.9.4-18.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.aarch64"
},
"product_reference": "podman-plugins-4:4.9.4-18.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-4:4.9.4-18.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.ppc64le"
},
"product_reference": "podman-plugins-4:4.9.4-18.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-4:4.9.4-18.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.s390x"
},
"product_reference": "podman-plugins-4:4.9.4-18.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-4:4.9.4-18.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.x86_64"
},
"product_reference": "podman-plugins-4:4.9.4-18.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64"
},
"product_reference": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le"
},
"product_reference": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x"
},
"product_reference": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64"
},
"product_reference": "podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4:4.9.4-18.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.aarch64"
},
"product_reference": "podman-remote-4:4.9.4-18.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4:4.9.4-18.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.ppc64le"
},
"product_reference": "podman-remote-4:4.9.4-18.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4:4.9.4-18.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.s390x"
},
"product_reference": "podman-remote-4:4.9.4-18.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4:4.9.4-18.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.x86_64"
},
"product_reference": "podman-remote-4:4.9.4-18.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64"
},
"product_reference": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le"
},
"product_reference": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x"
},
"product_reference": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64"
},
"product_reference": "podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-4:4.9.4-18.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.aarch64"
},
"product_reference": "podman-tests-4:4.9.4-18.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-4:4.9.4-18.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.ppc64le"
},
"product_reference": "podman-tests-4:4.9.4-18.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-4:4.9.4-18.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.s390x"
},
"product_reference": "podman-tests-4:4.9.4-18.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-tests-4:4.9.4-18.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.x86_64"
},
"product_reference": "podman-tests-4:4.9.4-18.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-18.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T03:29:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-18.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-18.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:podman-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-debugsource-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-docker-4:4.9.4-18.el9_4.1.noarch",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-plugins-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-remote-debuginfo-4:4.9.4-18.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:podman-tests-4:4.9.4-18.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8665
Vulnerability from csaf_redhat - Published: 2025-06-09 10:18 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: grafana security update
Severity
Important
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
* grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect (CVE-2025-4123)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious websites. This attack can be carried out without requiring elevated privileges if anonymous access is enabled.
7.6 (High)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\n* grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect (CVE-2025-4123)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8665",
"url": "https://access.redhat.com/errata/RHSA-2025:8665"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "2364632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364632"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8665.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:42+00:00",
"generator": {
"date": "2026-05-28T20:49:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8665",
"initial_release_date": "2025-06-09T10:18:20+00:00",
"revision_history": [
{
"date": "2025-06-09T10:18:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-09T10:18:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-23.el9_4.src",
"product": {
"name": "grafana-0:9.2.10-23.el9_4.src",
"product_id": "grafana-0:9.2.10-23.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-23.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-23.el9_4.aarch64",
"product": {
"name": "grafana-0:9.2.10-23.el9_4.aarch64",
"product_id": "grafana-0:9.2.10-23.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-23.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"product": {
"name": "grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"product_id": "grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-23.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"product": {
"name": "grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"product_id": "grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-23.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"product": {
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"product_id": "grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-23.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-23.el9_4.ppc64le",
"product": {
"name": "grafana-0:9.2.10-23.el9_4.ppc64le",
"product_id": "grafana-0:9.2.10-23.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-23.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"product": {
"name": "grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"product_id": "grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-23.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"product": {
"name": "grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"product_id": "grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-23.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"product": {
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"product_id": "grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-23.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-23.el9_4.x86_64",
"product": {
"name": "grafana-0:9.2.10-23.el9_4.x86_64",
"product_id": "grafana-0:9.2.10-23.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-23.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-23.el9_4.x86_64",
"product": {
"name": "grafana-selinux-0:9.2.10-23.el9_4.x86_64",
"product_id": "grafana-selinux-0:9.2.10-23.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-23.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"product": {
"name": "grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"product_id": "grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-23.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"product": {
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"product_id": "grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-23.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-23.el9_4.s390x",
"product": {
"name": "grafana-0:9.2.10-23.el9_4.s390x",
"product_id": "grafana-0:9.2.10-23.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-23.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-23.el9_4.s390x",
"product": {
"name": "grafana-selinux-0:9.2.10-23.el9_4.s390x",
"product_id": "grafana-selinux-0:9.2.10-23.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-23.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"product": {
"name": "grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"product_id": "grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-23.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"product": {
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"product_id": "grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-23.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-23.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64"
},
"product_reference": "grafana-0:9.2.10-23.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-23.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le"
},
"product_reference": "grafana-0:9.2.10-23.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-23.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x"
},
"product_reference": "grafana-0:9.2.10-23.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-23.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src"
},
"product_reference": "grafana-0:9.2.10-23.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-23.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64"
},
"product_reference": "grafana-0:9.2.10-23.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64"
},
"product_reference": "grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le"
},
"product_reference": "grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x"
},
"product_reference": "grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-23.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64"
},
"product_reference": "grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-23.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64"
},
"product_reference": "grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-23.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le"
},
"product_reference": "grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-23.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x"
},
"product_reference": "grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-23.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64"
},
"product_reference": "grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-23.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64"
},
"product_reference": "grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-23.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le"
},
"product_reference": "grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-23.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x"
},
"product_reference": "grafana-selinux-0:9.2.10-23.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-23.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
},
"product_reference": "grafana-selinux-0:9.2.10-23.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4123",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-05-07T07:34:59.603000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2364632"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Grafana\u0027s custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious websites. This attack can be carried out without requiring elevated privileges if anonymous access is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Grafana vulnerability is Important due to its low exploitation barrier and high impact. Unlike typical XSS flaws, it can be triggered without authentication if anonymous access is enabled\u2014a common setup in shared dashboards. It arises from improper handling of user-supplied paths in custom frontend plugins, leading to XSS and open redirect. When combined with the Grafana Image Renderer plugin, it enables full-read SSRF, exposing internal services and cloud metadata. This makes it a high-severity issue with serious real-world implications, especially in misconfigured or publicly exposed Grafana instances.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4123"
},
{
"category": "external",
"summary": "RHBZ#2364632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4123"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4123",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4123"
},
{
"category": "external",
"summary": "https://grafana.com/grafana/plugins/instana-datasource/?tab=changelog",
"url": "https://grafana.com/grafana/plugins/instana-datasource/?tab=changelog"
}
],
"release_date": "2025-05-15T03:49:32.464000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T10:18:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect"
},
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T10:18:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.src",
"AppStream-9.4.0.Z.EUS:grafana-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debuginfo-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-debugsource-0:9.2.10-23.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:grafana-selinux-0:9.2.10-23.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8666
Vulnerability from csaf_redhat - Published: 2025-06-09 10:19 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: grafana security update
Severity
Moderate
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8666",
"url": "https://access.redhat.com/errata/RHSA-2025:8666"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8666.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:42+00:00",
"generator": {
"date": "2026-05-28T20:49:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8666",
"initial_release_date": "2025-06-09T10:19:34+00:00",
"revision_history": [
{
"date": "2025-06-09T10:19:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-09T10:19:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-18.el10_0.src",
"product": {
"name": "grafana-0:10.2.6-18.el10_0.src",
"product_id": "grafana-0:10.2.6-18.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-18.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-18.el10_0.aarch64",
"product": {
"name": "grafana-0:10.2.6-18.el10_0.aarch64",
"product_id": "grafana-0:10.2.6-18.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-18.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-18.el10_0.aarch64",
"product": {
"name": "grafana-selinux-0:10.2.6-18.el10_0.aarch64",
"product_id": "grafana-selinux-0:10.2.6-18.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-18.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-18.el10_0.aarch64",
"product": {
"name": "grafana-debugsource-0:10.2.6-18.el10_0.aarch64",
"product_id": "grafana-debugsource-0:10.2.6-18.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-18.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.aarch64",
"product": {
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.aarch64",
"product_id": "grafana-debuginfo-0:10.2.6-18.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-18.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-18.el10_0.ppc64le",
"product": {
"name": "grafana-0:10.2.6-18.el10_0.ppc64le",
"product_id": "grafana-0:10.2.6-18.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-18.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-18.el10_0.ppc64le",
"product": {
"name": "grafana-selinux-0:10.2.6-18.el10_0.ppc64le",
"product_id": "grafana-selinux-0:10.2.6-18.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-18.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-18.el10_0.ppc64le",
"product": {
"name": "grafana-debugsource-0:10.2.6-18.el10_0.ppc64le",
"product_id": "grafana-debugsource-0:10.2.6-18.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-18.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le",
"product": {
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le",
"product_id": "grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-18.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-18.el10_0.x86_64",
"product": {
"name": "grafana-0:10.2.6-18.el10_0.x86_64",
"product_id": "grafana-0:10.2.6-18.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-18.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-18.el10_0.x86_64",
"product": {
"name": "grafana-selinux-0:10.2.6-18.el10_0.x86_64",
"product_id": "grafana-selinux-0:10.2.6-18.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-18.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-18.el10_0.x86_64",
"product": {
"name": "grafana-debugsource-0:10.2.6-18.el10_0.x86_64",
"product_id": "grafana-debugsource-0:10.2.6-18.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-18.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.x86_64",
"product": {
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.x86_64",
"product_id": "grafana-debuginfo-0:10.2.6-18.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-18.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-18.el10_0.s390x",
"product": {
"name": "grafana-0:10.2.6-18.el10_0.s390x",
"product_id": "grafana-0:10.2.6-18.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-18.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-18.el10_0.s390x",
"product": {
"name": "grafana-selinux-0:10.2.6-18.el10_0.s390x",
"product_id": "grafana-selinux-0:10.2.6-18.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-18.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-18.el10_0.s390x",
"product": {
"name": "grafana-debugsource-0:10.2.6-18.el10_0.s390x",
"product_id": "grafana-debugsource-0:10.2.6-18.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-18.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.s390x",
"product": {
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.s390x",
"product_id": "grafana-debuginfo-0:10.2.6-18.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-18.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-18.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.aarch64"
},
"product_reference": "grafana-0:10.2.6-18.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-18.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.ppc64le"
},
"product_reference": "grafana-0:10.2.6-18.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-18.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.s390x"
},
"product_reference": "grafana-0:10.2.6-18.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-18.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.src"
},
"product_reference": "grafana-0:10.2.6-18.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-18.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.x86_64"
},
"product_reference": "grafana-0:10.2.6-18.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.aarch64"
},
"product_reference": "grafana-debuginfo-0:10.2.6-18.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le"
},
"product_reference": "grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.s390x"
},
"product_reference": "grafana-debuginfo-0:10.2.6-18.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-18.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.x86_64"
},
"product_reference": "grafana-debuginfo-0:10.2.6-18.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-18.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.aarch64"
},
"product_reference": "grafana-debugsource-0:10.2.6-18.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-18.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.ppc64le"
},
"product_reference": "grafana-debugsource-0:10.2.6-18.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-18.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.s390x"
},
"product_reference": "grafana-debugsource-0:10.2.6-18.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-18.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.x86_64"
},
"product_reference": "grafana-debugsource-0:10.2.6-18.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-18.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.aarch64"
},
"product_reference": "grafana-selinux-0:10.2.6-18.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-18.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.ppc64le"
},
"product_reference": "grafana-selinux-0:10.2.6-18.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-18.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.s390x"
},
"product_reference": "grafana-selinux-0:10.2.6-18.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-18.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.x86_64"
},
"product_reference": "grafana-selinux-0:10.2.6-18.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.src",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T10:19:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.src",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8666"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.src",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.src",
"AppStream-10.0.Z:grafana-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-debuginfo-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-debugsource-0:10.2.6-18.el10_0.x86_64",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.aarch64",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.ppc64le",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.s390x",
"AppStream-10.0.Z:grafana-selinux-0:10.2.6-18.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8667
Vulnerability from csaf_redhat - Published: 2025-06-09 12:34 - Updated: 2026-05-28 20:49Summary
Red Hat Security Advisory: grafana security update
Severity
Moderate
Notes
Topic: An update for grafana is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8667",
"url": "https://access.redhat.com/errata/RHSA-2025:8667"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8667.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-05-28T20:49:42+00:00",
"generator": {
"date": "2026-05-28T20:49:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8667",
"initial_release_date": "2025-06-09T12:34:44+00:00",
"revision_history": [
{
"date": "2025-06-09T12:34:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-09T12:34:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T20:49:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-25.el8_10.src",
"product": {
"name": "grafana-0:9.2.10-25.el8_10.src",
"product_id": "grafana-0:9.2.10-25.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-25.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-25.el8_10.aarch64",
"product": {
"name": "grafana-0:9.2.10-25.el8_10.aarch64",
"product_id": "grafana-0:9.2.10-25.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-25.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-25.el8_10.aarch64",
"product": {
"name": "grafana-selinux-0:9.2.10-25.el8_10.aarch64",
"product_id": "grafana-selinux-0:9.2.10-25.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-25.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-25.el8_10.aarch64",
"product": {
"name": "grafana-debugsource-0:9.2.10-25.el8_10.aarch64",
"product_id": "grafana-debugsource-0:9.2.10-25.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-25.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.aarch64",
"product": {
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.aarch64",
"product_id": "grafana-debuginfo-0:9.2.10-25.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-25.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-25.el8_10.ppc64le",
"product": {
"name": "grafana-0:9.2.10-25.el8_10.ppc64le",
"product_id": "grafana-0:9.2.10-25.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-25.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-25.el8_10.ppc64le",
"product": {
"name": "grafana-selinux-0:9.2.10-25.el8_10.ppc64le",
"product_id": "grafana-selinux-0:9.2.10-25.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-25.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-25.el8_10.ppc64le",
"product": {
"name": "grafana-debugsource-0:9.2.10-25.el8_10.ppc64le",
"product_id": "grafana-debugsource-0:9.2.10-25.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-25.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le",
"product": {
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le",
"product_id": "grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-25.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-25.el8_10.x86_64",
"product": {
"name": "grafana-0:9.2.10-25.el8_10.x86_64",
"product_id": "grafana-0:9.2.10-25.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-25.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-25.el8_10.x86_64",
"product": {
"name": "grafana-selinux-0:9.2.10-25.el8_10.x86_64",
"product_id": "grafana-selinux-0:9.2.10-25.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-25.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-25.el8_10.x86_64",
"product": {
"name": "grafana-debugsource-0:9.2.10-25.el8_10.x86_64",
"product_id": "grafana-debugsource-0:9.2.10-25.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-25.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.x86_64",
"product": {
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.x86_64",
"product_id": "grafana-debuginfo-0:9.2.10-25.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-25.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-25.el8_10.s390x",
"product": {
"name": "grafana-0:9.2.10-25.el8_10.s390x",
"product_id": "grafana-0:9.2.10-25.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-25.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-25.el8_10.s390x",
"product": {
"name": "grafana-selinux-0:9.2.10-25.el8_10.s390x",
"product_id": "grafana-selinux-0:9.2.10-25.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-25.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-25.el8_10.s390x",
"product": {
"name": "grafana-debugsource-0:9.2.10-25.el8_10.s390x",
"product_id": "grafana-debugsource-0:9.2.10-25.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-25.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.s390x",
"product": {
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.s390x",
"product_id": "grafana-debuginfo-0:9.2.10-25.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-25.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-25.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.aarch64"
},
"product_reference": "grafana-0:9.2.10-25.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-25.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.ppc64le"
},
"product_reference": "grafana-0:9.2.10-25.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-25.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.s390x"
},
"product_reference": "grafana-0:9.2.10-25.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-25.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.src"
},
"product_reference": "grafana-0:9.2.10-25.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-25.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.x86_64"
},
"product_reference": "grafana-0:9.2.10-25.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.aarch64"
},
"product_reference": "grafana-debuginfo-0:9.2.10-25.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le"
},
"product_reference": "grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.s390x"
},
"product_reference": "grafana-debuginfo-0:9.2.10-25.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-25.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.x86_64"
},
"product_reference": "grafana-debuginfo-0:9.2.10-25.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-25.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.aarch64"
},
"product_reference": "grafana-debugsource-0:9.2.10-25.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-25.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.ppc64le"
},
"product_reference": "grafana-debugsource-0:9.2.10-25.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-25.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.s390x"
},
"product_reference": "grafana-debugsource-0:9.2.10-25.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-25.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.x86_64"
},
"product_reference": "grafana-debugsource-0:9.2.10-25.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-25.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.aarch64"
},
"product_reference": "grafana-selinux-0:9.2.10-25.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-25.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.ppc64le"
},
"product_reference": "grafana-selinux-0:9.2.10-25.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-25.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.s390x"
},
"product_reference": "grafana-selinux-0:9.2.10-25.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-25.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.x86_64"
},
"product_reference": "grafana-selinux-0:9.2.10-25.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T12:34:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8667"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-25.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-25.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
RHSA-2025:8670
Vulnerability from csaf_redhat - Published: 2025-06-09 10:12 - Updated: 2026-06-02 17:47Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements
Severity
Moderate
Notes
Topic: Release of OpenShift Serverless Logic 1.36.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release includes bug fixes, and enhancements.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.
5.3 (Medium)
Affected products
Fixed
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64 | — |
Vendor Fix
fix
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64 | — | ||
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Affected products
Fixed
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Logic 1.36.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release includes bug fixes, and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8670",
"url": "https://access.redhat.com/errata/RHSA-2025:8670"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8670.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update \u0026 enhancements",
"tracking": {
"current_release_date": "2026-06-02T17:47:59+00:00",
"generator": {
"date": "2026-06-02T17:47:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:8670",
"initial_release_date": "2025-06-09T10:12:51+00:00",
"revision_history": [
{
"date": "2025-06-09T10:12:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-09T10:12:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:47:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-Openshift-Serverless-1.36",
"product": {
"name": "8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_serverless:1.36::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-13"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-6"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-13"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"product": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"product_id": "openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-management-console-rhel8\u0026tag=1.36.0-6"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-13"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64"
},
"product_reference": "openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22866",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2025-02-06T17:00:56.155646+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64"
],
"known_not_affected": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22866"
},
{
"category": "external",
"summary": "RHBZ#2344219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22866"
},
{
"category": "external",
"summary": "https://go.dev/cl/643735",
"url": "https://go.dev/cl/643735"
},
{
"category": "external",
"summary": "https://go.dev/issue/71383",
"url": "https://go.dev/issue/71383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k",
"url": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3447",
"url": "https://pkg.go.dev/vuln/GO-2025-3447"
}
],
"release_date": "2025-02-06T16:54:10.252000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T10:12:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8670"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec"
},
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64"
],
"known_not_affected": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-09T10:12:51+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8670"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:52132f9bc5d30bcede685b33738f8629902245c27d873b2df222a616b0cbf2f9_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:6a9342be45a99d3fa2fc11d2cba5309afa14c07a78445ab086a27f5974dcacaf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:97c5afc22a62a3734c637ba56448fdb75864c3af4d2aa003d97e2212dee80a5d_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:21f7386f41a63f38fe2477c53eaae8ec6b159ad89861afc4909fc3274e6aca59_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:c26b9ebf19c2c6b22bac7c6fdfc21a059ba37e3a7d4fc4b3d84a125f2bb9bbc3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:fe0aedda3b468d2f7cdb87f4246d06f95903dc43c921762cbef049b9f2b8260c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:0fb22a3b1f864541eabed995bee8cde7ae249465735e3a3daaaffa8bfa32fcf8_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:25e094b297c3dc22530bdb731a71ccbd4dfa296c012b5f17c94f8f5a9585e0cf_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:697d958c4601b70df1310076ee216da6d2501907edc8efd3a0fb20ecde1e71a8_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:bc8c1cdf638bdd0fa999b6a0cbd2f9b0611c75fafe1a722d538ee3540c5112d7_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:cb95d6eb0d9d5f6f9ab58dae65d4dcabf2ea429561abca3957ac6eec8f307781_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:f06f44d53843b8ec14b571b300062e41f5926a38c6838730c8db2607973aaad7_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:12a9d369e0179e7b7c1a3f2c82dd270656450588c4554b4f038cb2223d70c4f2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:44b8e5ebf2ef810032871b492e0d20c3aafee21a782d8c3e1f1df129bd9b3387_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:7cb46aa137b94c2250afb78873fb5c4d0d28d0371f0a388e8ea7db6243df2b60_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:05e452c4cd895780d9493864c5ead2247dcb686426f71a847bdc3014da9611c2_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:2b648040e6f0ec313c9fe34b76d78d64431f6a899c949959cef13329fe4e01ca_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:4b9f1b547618528b0fb40335b7bcc1c4c053c4af19a435166bef2dc37690f490_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:5fff2717f7b08df2c90a2be7bfb36c27e13be188d23546497ed9ce266f1c03f4_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:15f7703df21c7a6a6f6432f83d3cc3c923b3c5d87b845a37aae88262f397747c_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:645cbe692fa26174d936d8e7c7471a2d6afe3e23e67e13930d0f91c45e853e92_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:ddb375800dcb8c1a9a9b167f2b2b8d24e4c77c4e4b7e49f53e35113ac2b999c3_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:404d56c4926845435bc2ceb14a7ce533bbb093d8ca7d474810171d79aacbcbd4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:6bddeab87c0785a256de8fb7365d16d54628ab863a0f071b1981aa9a23d68a5a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:cf3971097dc696eb583f4d28ce639862f87756470d0fc6620a8a0d38fefe8bc1_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:bfd4753e43035752ca5b55b4bea25c7b6148ed1e963d16a240cfa3fe83403976_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c1937771fd70a5dae2ec2aee3723e7fd0243561e3006c93a367580d84bd1fb9a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:d77eac423fd91656e502160f23d27f23f87715b2db67bdadbe09a4b3eccacee7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…