RHSA-2026:39810

Vulnerability from csaf_redhat - Published: 2026-07-15 09:55 - Updated: 2026-07-16 21:53
Summary
Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) security update
Severity
Important
Notes
Topic: An update for golang-github-openstack-k8s-operators-os-diff is now available for Red Hat OpenStack Services on OpenShift 18.0 (Antelope). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Security Fix(es): * net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) * Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) * Incorrect enforcement of email constraints in crypto/x509 (CVE-2026-27137) * crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280) * golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283) * golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application (CVE-2026-33810) * golang: Go net package: Denial of Service via long CNAME response in LookupCNAME (CVE-2026-33811) * golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281) * internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.

CWE-1050 - Excessive Platform Resource Consumption within a Loop
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Threats
Impact Important

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.

CWE-1286 - Improper Validation of Syntactic Correctness of Input
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.

CWE-295 - Improper Certificate Validation
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Threats
Impact Important

A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.

CWE-1050 - Excessive Platform Resource Consumption within a Loop
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.

CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).

CWE-764 - Multiple Locks of a Critical Resource
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Threats
Impact Important

A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.

CWE-1289 - Improper Validation of Unsafe Equivalence in Input
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Threats
Impact Important

A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.

CWE-1341 - Multiple Releases of Same Resource or Handle
Affected products
Product Identifier Version Remediation
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src
Vendor Fix fix
Workaround
Unresolved product id: 9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important
References
URL Category
https://access.redhat.com/errata/RHSA-2026:39810 self
https://access.redhat.com/security/updates/classi… external
https://bugzilla.redhat.com/show_bug.cgi?id=2418462 external
https://bugzilla.redhat.com/show_bug.cgi?id=2434432 external
https://bugzilla.redhat.com/show_bug.cgi?id=2445345 external
https://bugzilla.redhat.com/show_bug.cgi?id=2445356 external
https://bugzilla.redhat.com/show_bug.cgi?id=2456333 external
https://bugzilla.redhat.com/show_bug.cgi?id=2456335 external
https://bugzilla.redhat.com/show_bug.cgi?id=2456336 external
https://bugzilla.redhat.com/show_bug.cgi?id=2456338 external
https://bugzilla.redhat.com/show_bug.cgi?id=2456339 external
https://bugzilla.redhat.com/show_bug.cgi?id=2467822 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2025-61726 self
https://bugzilla.redhat.com/show_bug.cgi?id=2434432 external
https://www.cve.org/CVERecord?id=CVE-2025-61726 external
https://nvd.nist.gov/vuln/detail/CVE-2025-61726 external
https://go.dev/cl/736712 external
https://go.dev/issue/77101 external
https://groups.google.com/g/golang-announce/c/Vd2… external
https://pkg.go.dev/vuln/GO-2026-4341 external
https://access.redhat.com/security/cve/CVE-2025-61729 self
https://bugzilla.redhat.com/show_bug.cgi?id=2418462 external
https://www.cve.org/CVERecord?id=CVE-2025-61729 external
https://nvd.nist.gov/vuln/detail/CVE-2025-61729 external
https://go.dev/cl/725920 external
https://go.dev/issue/76445 external
https://groups.google.com/g/golang-announce/c/8FJ… external
https://pkg.go.dev/vuln/GO-2025-4155 external
https://access.redhat.com/security/cve/CVE-2026-25679 self
https://bugzilla.redhat.com/show_bug.cgi?id=2445356 external
https://www.cve.org/CVERecord?id=CVE-2026-25679 external
https://nvd.nist.gov/vuln/detail/CVE-2026-25679 external
https://go.dev/cl/752180 external
https://go.dev/issue/77578 external
https://groups.google.com/g/golang-announce/c/Edh… external
https://pkg.go.dev/vuln/GO-2026-4601 external
https://access.redhat.com/security/cve/CVE-2026-27137 self
https://bugzilla.redhat.com/show_bug.cgi?id=2445345 external
https://www.cve.org/CVERecord?id=CVE-2026-27137 external
https://nvd.nist.gov/vuln/detail/CVE-2026-27137 external
https://go.dev/cl/752182 external
https://go.dev/issue/77952 external
https://pkg.go.dev/vuln/GO-2026-4599 external
https://access.redhat.com/security/cve/CVE-2026-32280 self
https://bugzilla.redhat.com/show_bug.cgi?id=2456339 external
https://www.cve.org/CVERecord?id=CVE-2026-32280 external
https://nvd.nist.gov/vuln/detail/CVE-2026-32280 external
https://go.dev/cl/758320 external
https://go.dev/issue/78282 external
https://groups.google.com/g/golang-announce/c/0uY… external
https://pkg.go.dev/vuln/GO-2026-4947 external
https://access.redhat.com/security/cve/CVE-2026-32281 self
https://bugzilla.redhat.com/show_bug.cgi?id=2456333 external
https://www.cve.org/CVERecord?id=CVE-2026-32281 external
https://nvd.nist.gov/vuln/detail/CVE-2026-32281 external
https://go.dev/cl/758061 external
https://go.dev/issue/78281 external
https://pkg.go.dev/vuln/GO-2026-4946 external
https://access.redhat.com/security/cve/CVE-2026-32282 self
https://bugzilla.redhat.com/show_bug.cgi?id=2456336 external
https://www.cve.org/CVERecord?id=CVE-2026-32282 external
https://nvd.nist.gov/vuln/detail/CVE-2026-32282 external
https://go.dev/cl/763761 external
https://go.dev/issue/78293 external
https://pkg.go.dev/vuln/GO-2026-4864 external
https://access.redhat.com/security/cve/CVE-2026-32283 self
https://bugzilla.redhat.com/show_bug.cgi?id=2456338 external
https://www.cve.org/CVERecord?id=CVE-2026-32283 external
https://nvd.nist.gov/vuln/detail/CVE-2026-32283 external
https://go.dev/cl/763767 external
https://go.dev/issue/78334 external
https://pkg.go.dev/vuln/GO-2026-4870 external
https://access.redhat.com/security/cve/CVE-2026-33810 self
https://bugzilla.redhat.com/show_bug.cgi?id=2456335 external
https://www.cve.org/CVERecord?id=CVE-2026-33810 external
https://nvd.nist.gov/vuln/detail/CVE-2026-33810 external
https://go.dev/cl/763763 external
https://go.dev/issue/78332 external
https://pkg.go.dev/vuln/GO-2026-4866 external
https://access.redhat.com/security/cve/CVE-2026-33811 self
https://bugzilla.redhat.com/show_bug.cgi?id=2467822 external
https://www.cve.org/CVERecord?id=CVE-2026-33811 external
https://nvd.nist.gov/vuln/detail/CVE-2026-33811 external
https://go.dev/cl/767860 external
https://go.dev/issue/78803 external
https://groups.google.com/g/golang-announce/c/qcC… external
https://pkg.go.dev/vuln/GO-2026-4981 external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for golang-github-openstack-k8s-operators-os-diff is now\navailable for Red Hat OpenStack Services on OpenShift 18.0 (Antelope).\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* net/url: Memory exhaustion in query parameter parsing in net/url\n(CVE-2025-61726)\n\n* golang: Denial of Service due to excessive resource consumption via\ncrafted certificate (CVE-2025-61729)\n\n* Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\n* Incorrect enforcement of email constraints in crypto/x509\n(CVE-2026-27137)\n\n* crypto/tls: golang: Go: Denial of Service vulnerability in certificate\nchain building (CVE-2026-32280)\n\n* golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update\nmessages (CVE-2026-32283)\n\n* golang: Go crypto/x509: Certificate validation bypass due to incorrect\nDNS constraint application (CVE-2026-33810)\n\n* golang: Go net package: Denial of Service via long CNAME response in\nLookupCNAME (CVE-2026-33811)\n\n* golang: Go crypto/x509: Denial of Service via inefficient certificate\nchain validation (CVE-2026-32281)\n\n* internal/syscall/unix: Root.Chmod can follow symlinks out of the root\n(CVE-2026-32282)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:39810",
        "url": "https://access.redhat.com/errata/RHSA-2026:39810"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2418462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
      },
      {
        "category": "external",
        "summary": "2434432",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
      },
      {
        "category": "external",
        "summary": "2445345",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
      },
      {
        "category": "external",
        "summary": "2445356",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
      },
      {
        "category": "external",
        "summary": "2456333",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
      },
      {
        "category": "external",
        "summary": "2456335",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
      },
      {
        "category": "external",
        "summary": "2456336",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
      },
      {
        "category": "external",
        "summary": "2456338",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
      },
      {
        "category": "external",
        "summary": "2456339",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
      },
      {
        "category": "external",
        "summary": "2467822",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_39810.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) security update",
    "tracking": {
      "current_release_date": "2026-07-16T21:53:24+00:00",
      "generator": {
        "date": "2026-07-16T21:53:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.7"
        }
      },
      "id": "RHSA-2026:39810",
      "initial_release_date": "2026-07-15T09:55:31+00:00",
      "revision_history": [
        {
          "date": "2026-07-15T09:55:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-07-15T09:55:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-16T21:53:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Services on OpenShift 18.0",
                "product": {
                  "name": "Red Hat OpenStack Services on OpenShift 18.0",
                  "product_id": "9Base-RHOSO-18.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:18.0::el9"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "9Base-RHOSO-TOOLS-18",
                "product": {
                  "name": "9Base-RHOSO-TOOLS-18",
                  "product_id": "9Base-RHOSO-TOOLS-18",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:18.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Services on OpenShift"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
                "product": {
                  "name": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
                  "product_id": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-openstack-k8s-operators-os-diff@0.1.1-18.0.20260602234716.a95ae05.el9ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
                "product": {
                  "name": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
                  "product_id": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/golang-github-openstack-k8s-operators-os-diff@0.1.1-18.0.20260602234716.a95ae05.el9ost?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src as a component of Red Hat OpenStack Services on OpenShift 18.0",
          "product_id": "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src"
        },
        "product_reference": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
        "relates_to_product_reference": "9Base-RHOSO-18.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64 as a component of Red Hat OpenStack Services on OpenShift 18.0",
          "product_id": "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        },
        "product_reference": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
        "relates_to_product_reference": "9Base-RHOSO-18.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src as a component of 9Base-RHOSO-TOOLS-18",
          "product_id": "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src"
        },
        "product_reference": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
        "relates_to_product_reference": "9Base-RHOSO-TOOLS-18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64 as a component of 9Base-RHOSO-TOOLS-18",
          "product_id": "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        },
        "product_reference": "golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
        "relates_to_product_reference": "9Base-RHOSO-TOOLS-18"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61726",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-01-28T20:01:42.791305+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2434432"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "RHBZ#2434432",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/736712",
          "url": "https://go.dev/cl/736712"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77101",
          "url": "https://go.dev/issue/77101"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
          "url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4341",
          "url": "https://pkg.go.dev/vuln/GO-2026-4341"
        }
      ],
      "release_date": "2026-01-28T19:30:31.215000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        },
        {
          "category": "workaround",
          "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
    },
    {
      "cve": "CVE-2025-61729",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-12-02T20:01:45.330964+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/725920",
          "url": "https://go.dev/cl/725920"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76445",
          "url": "https://go.dev/issue/76445"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4155",
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "release_date": "2025-12-02T18:54:10.166000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "cve": "CVE-2026-25679",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-03-06T22:02:11.567841+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/752180",
          "url": "https://go.dev/cl/752180"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77578",
          "url": "https://go.dev/issue/77578"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4601",
          "url": "https://pkg.go.dev/vuln/GO-2026-4601"
        }
      ],
      "release_date": "2026-03-06T21:28:14.211000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
    },
    {
      "cve": "CVE-2026-27137",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2026-03-06T22:01:38.859733+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2445345"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27137"
        },
        {
          "category": "external",
          "summary": "RHBZ#2445345",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/752182",
          "url": "https://go.dev/cl/752182"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/77952",
          "url": "https://go.dev/issue/77952"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
          "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4599",
          "url": "https://pkg.go.dev/vuln/GO-2026-4599"
        }
      ],
      "release_date": "2026-03-06T21:28:13.748000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
    },
    {
      "cve": "CVE-2026-32280",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-04-08T02:01:19.572351+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456339"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456339",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/758320",
          "url": "https://go.dev/cl/758320"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78282",
          "url": "https://go.dev/issue/78282"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4947",
          "url": "https://pkg.go.dev/vuln/GO-2026-4947"
        }
      ],
      "release_date": "2026-04-08T01:06:58.595000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
    },
    {
      "cve": "CVE-2026-32281",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2026-04-08T02:01:00.930989+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456333"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32281"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456333",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/758061",
          "url": "https://go.dev/cl/758061"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78281",
          "url": "https://go.dev/issue/78281"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4946",
          "url": "https://pkg.go.dev/vuln/GO-2026-4946"
        }
      ],
      "release_date": "2026-04-08T01:06:58.354000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "cve": "CVE-2026-32282",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "discovery_date": "2026-04-08T02:01:12.683211+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456336"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32282"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456336",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/763761",
          "url": "https://go.dev/cl/763761"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78293",
          "url": "https://go.dev/issue/78293"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4864",
          "url": "https://pkg.go.dev/vuln/GO-2026-4864"
        }
      ],
      "release_date": "2026-04-08T01:06:55.953000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
    },
    {
      "cve": "CVE-2026-32283",
      "cwe": {
        "id": "CWE-764",
        "name": "Multiple Locks of a Critical Resource"
      },
      "discovery_date": "2026-04-08T02:01:16.213799+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456338"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32283"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456338",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/763767",
          "url": "https://go.dev/cl/763767"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78334",
          "url": "https://go.dev/issue/78334"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4870",
          "url": "https://pkg.go.dev/vuln/GO-2026-4870"
        }
      ],
      "release_date": "2026-04-08T01:06:57.670000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
    },
    {
      "cve": "CVE-2026-33810",
      "cwe": {
        "id": "CWE-1289",
        "name": "Improper Validation of Unsafe Equivalence in Input"
      },
      "discovery_date": "2026-04-08T02:01:09.100830+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456335"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33810"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456335",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/763763",
          "url": "https://go.dev/cl/763763"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78332",
          "url": "https://go.dev/issue/78332"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4866",
          "url": "https://pkg.go.dev/vuln/GO-2026-4866"
        }
      ],
      "release_date": "2026-04-08T01:06:56.546000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
    },
    {
      "cve": "CVE-2026-33811",
      "cwe": {
        "id": "CWE-1341",
        "name": "Multiple Releases of Same Resource or Handle"
      },
      "discovery_date": "2026-05-07T20:01:34.913869+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2467822"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
          "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33811"
        },
        {
          "category": "external",
          "summary": "RHBZ#2467822",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/767860",
          "url": "https://go.dev/cl/767860"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78803",
          "url": "https://go.dev/issue/78803"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4981",
          "url": "https://pkg.go.dev/vuln/GO-2026-4981"
        }
      ],
      "release_date": "2026-05-07T19:41:19.285000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-15T09:55:31+00:00",
          "details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39810"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
          "product_ids": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-18.0:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.src",
            "9Base-RHOSO-TOOLS-18:golang-github-openstack-k8s-operators-os-diff-0:0.1.1-18.0.20260602234716.a95ae05.el9ost.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…