Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-45341 (GCVE-0-2024-45341)
Vulnerability from cvelistv5 – Published: 2025-01-28 01:03 – Updated: 2025-02-21 18:03
VLAI
EPSS
Title
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
Summary
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.22.11
(semver)
Affected: 1.23.0-0 , < 1.23.5 (semver) Affected: 1.24.0-0 , < 1.24.0-rc.2 (semver) |
Credits
Juho Forsén of Mattermost
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:57:00.467281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:16:58.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-21T18:03:33.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250221-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "matchURIConstraint"
},
{
"name": "CertPool.AppendCertsFromPEM"
},
{
"name": "Certificate.CheckCRLSignature"
},
{
"name": "Certificate.CheckSignature"
},
{
"name": "Certificate.CheckSignatureFrom"
},
{
"name": "Certificate.CreateCRL"
},
{
"name": "Certificate.Verify"
},
{
"name": "Certificate.VerifyHostname"
},
{
"name": "CertificateRequest.CheckSignature"
},
{
"name": "CreateCertificate"
},
{
"name": "CreateCertificateRequest"
},
{
"name": "CreateRevocationList"
},
{
"name": "DecryptPEMBlock"
},
{
"name": "EncryptPEMBlock"
},
{
"name": "HostnameError.Error"
},
{
"name": "MarshalECPrivateKey"
},
{
"name": "MarshalPKCS1PrivateKey"
},
{
"name": "MarshalPKCS1PublicKey"
},
{
"name": "MarshalPKCS8PrivateKey"
},
{
"name": "MarshalPKIXPublicKey"
},
{
"name": "ParseCRL"
},
{
"name": "ParseCertificate"
},
{
"name": "ParseCertificateRequest"
},
{
"name": "ParseCertificates"
},
{
"name": "ParseDERCRL"
},
{
"name": "ParseECPrivateKey"
},
{
"name": "ParsePKCS1PrivateKey"
},
{
"name": "ParsePKCS1PublicKey"
},
{
"name": "ParsePKCS8PrivateKey"
},
{
"name": "ParsePKIXPublicKey"
},
{
"name": "ParseRevocationList"
},
{
"name": "RevocationList.CheckSignatureFrom"
},
{
"name": "SetFallbackRoots"
},
{
"name": "SystemCertPool"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.22.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.23.5",
"status": "affected",
"version": "1.23.0-0",
"versionType": "semver"
},
{
"lessThan": "1.24.0-rc.2",
"status": "affected",
"version": "1.24.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juho Fors\u00e9n of Mattermost"
}
],
"descriptions": [
{
"lang": "en",
"value": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295: Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:14:21.421Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/643099"
},
{
"url": "https://go.dev/issue/71156"
},
{
"url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ"
},
{
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3373"
}
],
"title": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2024-45341",
"datePublished": "2025-01-28T01:03:24.353Z",
"dateReserved": "2024-08-27T19:41:58.556Z",
"dateUpdated": "2025-02-21T18:03:33.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-45341",
"date": "2026-06-06",
"epss": "0.00119",
"percentile": "0.30386"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45341\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-01-28T02:15:29.147\",\"lastModified\":\"2025-02-21T18:15:17.960\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.\"},{\"lang\":\"es\",\"value\":\"Un certificado con un URI que tiene una direcci\u00f3n IPv6 con un ID de zona puede satisfacer incorrectamente una restricci\u00f3n de nombre de URI que se aplica a la cadena de certificados. Los certificados que contienen URI no est\u00e1n permitidos en la PKI web, por lo que esto solo afecta a los usuarios de PKI privadas que utilizan URI.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"references\":[{\"url\":\"https://go.dev/cl/643099\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/71156\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-3373\",\"source\":\"security@golang.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250221-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250221-0004/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-02-21T18:03:33.296Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45341\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T14:57:00.467281Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T14:47:13.751Z\"}}], \"cna\": {\"title\": \"Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Juho Fors\\u00e9n of Mattermost\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.22.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.23.0-0\", \"lessThan\": \"1.23.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.24.0-0\", \"lessThan\": \"1.24.0-rc.2\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"matchURIConstraint\"}, {\"name\": \"CertPool.AppendCertsFromPEM\"}, {\"name\": \"Certificate.CheckCRLSignature\"}, {\"name\": \"Certificate.CheckSignature\"}, {\"name\": \"Certificate.CheckSignatureFrom\"}, {\"name\": \"Certificate.CreateCRL\"}, {\"name\": \"Certificate.Verify\"}, {\"name\": \"Certificate.VerifyHostname\"}, {\"name\": \"CertificateRequest.CheckSignature\"}, {\"name\": \"CreateCertificate\"}, {\"name\": \"CreateCertificateRequest\"}, {\"name\": \"CreateRevocationList\"}, {\"name\": \"DecryptPEMBlock\"}, {\"name\": \"EncryptPEMBlock\"}, {\"name\": \"HostnameError.Error\"}, {\"name\": \"MarshalECPrivateKey\"}, {\"name\": \"MarshalPKCS1PrivateKey\"}, {\"name\": \"MarshalPKCS1PublicKey\"}, {\"name\": \"MarshalPKCS8PrivateKey\"}, {\"name\": \"MarshalPKIXPublicKey\"}, {\"name\": \"ParseCRL\"}, {\"name\": \"ParseCertificate\"}, {\"name\": \"ParseCertificateRequest\"}, {\"name\": \"ParseCertificates\"}, {\"name\": \"ParseDERCRL\"}, {\"name\": \"ParseECPrivateKey\"}, {\"name\": \"ParsePKCS1PrivateKey\"}, {\"name\": \"ParsePKCS1PublicKey\"}, {\"name\": \"ParsePKCS8PrivateKey\"}, {\"name\": \"ParsePKIXPublicKey\"}, {\"name\": \"ParseRevocationList\"}, {\"name\": \"RevocationList.CheckSignatureFrom\"}, {\"name\": \"SetFallbackRoots\"}, {\"name\": \"SystemCertPool\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/643099\"}, {\"url\": \"https://go.dev/issue/71156\"}, {\"url\": \"https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ\"}, {\"url\": \"https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-3373\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-01-30T19:14:21.421Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45341\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-21T18:03:33.296Z\", \"dateReserved\": \"2024-08-27T19:41:58.556Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-01-28T01:03:24.353Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-3F6R-QH9C-X6MM
Vulnerability from github – Published: 2025-01-28 03:31 – Updated: 2025-02-21 18:31
VLAI
Details
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
Severity
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-45341"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T02:15:29Z",
"severity": "MODERATE"
},
"details": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.",
"id": "GHSA-3f6r-qh9c-x6mm",
"modified": "2025-02-21T18:31:06Z",
"published": "2025-01-28T03:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341"
},
{
"type": "WEB",
"url": "https://go.dev/cl/643099"
},
{
"type": "WEB",
"url": "https://go.dev/issue/71156"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3373"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250221-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2024-45341
Vulnerability from csaf_microsoft - Published: 2025-01-02 00:00 - Updated: 2026-03-26 01:35Summary
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.1 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17116-17086 | — | ||
| Unresolved product id: 17117-17086 | — | ||
| Unresolved product id: 17115-17086 | — | ||
| Unresolved product id: 19747-17086 | — | ||
| Unresolved product id: 20942-17086 | — | ||
| Unresolved product id: 19785-17086 | — | ||
| Unresolved product id: 18444-17086 | — |
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-21 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-20 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-22 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-7 | — |
None Available
|
|
| Unresolved product id: 17086-9 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-5 | — |
None Available
|
|
| Unresolved product id: 17086-4 | — |
None Available
|
|
| Unresolved product id: 17086-2 | — |
None Available
|
|
| Unresolved product id: 17086-1 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-6 | — |
None Available
|
|
| Unresolved product id: 17086-3 | — |
None Available
|
|
| Unresolved product id: 17086-17 | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-14 | — | ||
| Unresolved product id: 17084-19 | — | ||
| Unresolved product id: 17084-13 | — | ||
| Unresolved product id: 17086-11 | — | ||
| Unresolved product id: 17084-12 | — | ||
| Unresolved product id: 17086-16 | — | ||
| Unresolved product id: 17084-18 | — | ||
| Unresolved product id: 17086-10 | — | ||
| Unresolved product id: 17086-15 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45341 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-45341.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509",
"tracking": {
"current_release_date": "2026-03-26T01:35:59.000Z",
"generator": {
"date": "2026-03-26T07:17:30.490Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-45341",
"initial_release_date": "2025-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-02-13T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-06T14:35:04.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-02-18T02:45:15.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-03-03T14:58:08.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2026-03-26T01:35:59.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.18.8-5",
"product": {
"name": "\u003ccbl2 golang 1.18.8-5",
"product_id": "21"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.18.8-5",
"product": {
"name": "cbl2 golang 1.18.8-5",
"product_id": "17116"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.22.7-2",
"product": {
"name": "\u003ccbl2 golang 1.22.7-2",
"product_id": "20"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.22.7-2",
"product": {
"name": "cbl2 golang 1.22.7-2",
"product_id": "17117"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.22.7-3",
"product": {
"name": "\u003ccbl2 golang 1.22.7-3",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.22.7-3",
"product": {
"name": "cbl2 golang 1.22.7-3",
"product_id": "19747"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.18.8-7",
"product": {
"name": "\u003ccbl2 golang 1.18.8-7",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.18.8-7",
"product": {
"name": "cbl2 golang 1.18.8-7",
"product_id": "19785"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.22.7-3",
"product": {
"name": "\u003ccbl2 golang 1.22.7-3",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.22.7-3",
"product": {
"name": "cbl2 golang 1.22.7-3",
"product_id": "18444"
}
}
],
"category": "product_name",
"name": "golang"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 msft-golang 1.23.3-2",
"product": {
"name": "\u003ccbl2 msft-golang 1.23.3-2",
"product_id": "22"
}
},
{
"category": "product_version",
"name": "cbl2 msft-golang 1.23.3-2",
"product": {
"name": "cbl2 msft-golang 1.23.3-2",
"product_id": "17115"
}
},
{
"category": "product_version_range",
"name": "cbl2 msft-golang 1.24.1-3",
"product": {
"name": "cbl2 msft-golang 1.24.1-3",
"product_id": "7"
}
},
{
"category": "product_version_range",
"name": "cbl2 msft-golang 1.24.8-1",
"product": {
"name": "cbl2 msft-golang 1.24.8-1",
"product_id": "5"
}
},
{
"category": "product_version_range",
"name": "cbl2 msft-golang 1.24.9-1",
"product": {
"name": "cbl2 msft-golang 1.24.9-1",
"product_id": "4"
}
},
{
"category": "product_version_range",
"name": "cbl2 msft-golang 1.24.12-1",
"product": {
"name": "cbl2 msft-golang 1.24.12-1",
"product_id": "2"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 msft-golang 1.24.13-1",
"product": {
"name": "\u003ccbl2 msft-golang 1.24.13-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 msft-golang 1.24.13-1",
"product": {
"name": "cbl2 msft-golang 1.24.13-1",
"product_id": "20942"
}
},
{
"category": "product_version_range",
"name": "cbl2 msft-golang 1.24.5-1",
"product": {
"name": "cbl2 msft-golang 1.24.5-1",
"product_id": "6"
}
},
{
"category": "product_version_range",
"name": "cbl2 msft-golang 1.24.11-1",
"product": {
"name": "cbl2 msft-golang 1.24.11-1",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "msft-golang"
},
{
"category": "product_name",
"name": "azl3 golang 1.23.9-1",
"product": {
"name": "azl3 golang 1.23.9-1",
"product_id": "14"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "19"
}
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "13"
}
},
{
"category": "product_name",
"name": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "cbl2 python-tensorboard 2.11.0-3",
"product_id": "11"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.24.3-1",
"product": {
"name": "azl3 golang 1.24.3-1",
"product_id": "12"
}
},
{
"category": "product_name",
"name": "cbl2 gcc 11.2.0-8",
"product": {
"name": "cbl2 gcc 11.2.0-8",
"product_id": "16"
}
},
{
"category": "product_name",
"name": "azl3 gcc 13.2.0-7",
"product": {
"name": "azl3 gcc 13.2.0-7",
"product_id": "18"
}
},
{
"category": "product_name",
"name": "cbl2 gcc 11.2.0-8",
"product": {
"name": "cbl2 gcc 11.2.0-8",
"product_id": "10"
}
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "15"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.18.8-5 as a component of CBL Mariner 2.0",
"product_id": "17086-21"
},
"product_reference": "21",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.18.8-5 as a component of CBL Mariner 2.0",
"product_id": "17116-17086"
},
"product_reference": "17116",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.22.7-2 as a component of CBL Mariner 2.0",
"product_id": "17086-20"
},
"product_reference": "20",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.22.7-2 as a component of CBL Mariner 2.0",
"product_id": "17117-17086"
},
"product_reference": "17117",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 msft-golang 1.23.3-2 as a component of CBL Mariner 2.0",
"product_id": "17086-22"
},
"product_reference": "22",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.23.3-2 as a component of CBL Mariner 2.0",
"product_id": "17115-17086"
},
"product_reference": "17115",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.9-1 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-19"
},
"product_reference": "19",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-13"
},
"product_reference": "13",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.1-3 as a component of CBL Mariner 2.0",
"product_id": "17086-7"
},
"product_reference": "7",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "17086-9"
},
"product_reference": "9",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "19747-17086"
},
"product_reference": "19747",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
"product_id": "17086-11"
},
"product_reference": "11",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.24.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.8-1 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.9-1 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 gcc 11.2.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-16"
},
"product_reference": "16",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.12-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 msft-golang 1.24.13-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.13-1 as a component of CBL Mariner 2.0",
"product_id": "20942-17086"
},
"product_reference": "20942",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 gcc 13.2.0-7 as a component of Azure Linux 3.0",
"product_id": "17084-18"
},
"product_reference": "18",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 gcc 11.2.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-10"
},
"product_reference": "10",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.18.8-7 as a component of CBL Mariner 2.0",
"product_id": "17086-8"
},
"product_reference": "8",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.18.8-7 as a component of CBL Mariner 2.0",
"product_id": "19785-17086"
},
"product_reference": "19785",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-15"
},
"product_reference": "15",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.5-1 as a component of CBL Mariner 2.0",
"product_id": "17086-6"
},
"product_reference": "6",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.11-1 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "17086-17"
},
"product_reference": "17",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "18444-17086"
},
"product_reference": "18444",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45341",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-14",
"17084-19",
"17084-13",
"17086-11",
"17084-12",
"17086-16",
"17084-18",
"17086-10",
"17086-15"
]
}
],
"notes": [
{
"category": "general",
"text": "Go",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17116-17086",
"17117-17086",
"17115-17086",
"19747-17086",
"20942-17086",
"19785-17086",
"18444-17086"
],
"known_affected": [
"17086-21",
"17086-20",
"17086-22",
"17086-7",
"17086-9",
"17086-5",
"17086-4",
"17086-2",
"17086-1",
"17086-8",
"17086-6",
"17086-3",
"17086-17"
],
"known_not_affected": [
"17084-14",
"17084-19",
"17084-13",
"17086-11",
"17084-12",
"17086-16",
"17084-18",
"17086-10",
"17086-15"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45341 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2024-45341.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2025-02-13T00:00:00.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-7"
]
},
{
"category": "none_available",
"date": "2025-02-13T00:00:00.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-5"
]
},
{
"category": "none_available",
"date": "2025-02-13T00:00:00.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-4"
]
},
{
"category": "none_available",
"date": "2025-02-13T00:00:00.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-2"
]
},
{
"category": "none_available",
"date": "2025-02-13T00:00:00.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-6"
]
},
{
"category": "none_available",
"date": "2025-02-13T00:00:00.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-3"
]
},
{
"category": "vendor_fix",
"date": "2025-02-13T00:00:00.000Z",
"details": "1.18.8-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-21",
"17086-8"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-02-13T00:00:00.000Z",
"details": "1.22.7-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-20",
"17086-9",
"17086-17"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-02-13T00:00:00.000Z",
"details": "1.23.3-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-22",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"17086-21",
"17086-20",
"17086-22",
"17086-7",
"17086-9",
"17086-5",
"17086-4",
"17086-2",
"17086-1",
"17086-8",
"17086-6",
"17086-3",
"17086-17"
]
}
],
"title": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509"
}
]
}
OPENSUSE-SU-2025:14693-1
Vulnerability from csaf_opensuse - Published: 2025-01-24 00:00 - Updated: 2025-01-24 00:00Summary
go1.24-1.24rc2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.24-1.24rc2-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.24-1.24rc2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14693
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.24-1.24rc2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.24-1.24rc2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14693",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14693-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14693-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZW52JECN55QJ6BSQ4PZXG4RAAPBRCVGB/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14693-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZW52JECN55QJ6BSQ4PZXG4RAAPBRCVGB/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45336 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45340 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45341 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22865/"
}
],
"title": "go1.24-1.24rc2-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-24T00:00:00Z",
"generator": {
"date": "2025-01-24T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14693-1",
"initial_release_date": "2025-01-24T00:00:00Z",
"revision_history": [
{
"date": "2025-01-24T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24rc2-1.1.aarch64",
"product": {
"name": "go1.24-1.24rc2-1.1.aarch64",
"product_id": "go1.24-1.24rc2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24rc2-1.1.aarch64",
"product": {
"name": "go1.24-doc-1.24rc2-1.1.aarch64",
"product_id": "go1.24-doc-1.24rc2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24rc2-1.1.aarch64",
"product": {
"name": "go1.24-libstd-1.24rc2-1.1.aarch64",
"product_id": "go1.24-libstd-1.24rc2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24rc2-1.1.aarch64",
"product": {
"name": "go1.24-race-1.24rc2-1.1.aarch64",
"product_id": "go1.24-race-1.24rc2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24rc2-1.1.ppc64le",
"product": {
"name": "go1.24-1.24rc2-1.1.ppc64le",
"product_id": "go1.24-1.24rc2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24rc2-1.1.ppc64le",
"product": {
"name": "go1.24-doc-1.24rc2-1.1.ppc64le",
"product_id": "go1.24-doc-1.24rc2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24rc2-1.1.ppc64le",
"product": {
"name": "go1.24-libstd-1.24rc2-1.1.ppc64le",
"product_id": "go1.24-libstd-1.24rc2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24rc2-1.1.ppc64le",
"product": {
"name": "go1.24-race-1.24rc2-1.1.ppc64le",
"product_id": "go1.24-race-1.24rc2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24rc2-1.1.s390x",
"product": {
"name": "go1.24-1.24rc2-1.1.s390x",
"product_id": "go1.24-1.24rc2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24rc2-1.1.s390x",
"product": {
"name": "go1.24-doc-1.24rc2-1.1.s390x",
"product_id": "go1.24-doc-1.24rc2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24rc2-1.1.s390x",
"product": {
"name": "go1.24-libstd-1.24rc2-1.1.s390x",
"product_id": "go1.24-libstd-1.24rc2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24rc2-1.1.s390x",
"product": {
"name": "go1.24-race-1.24rc2-1.1.s390x",
"product_id": "go1.24-race-1.24rc2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24rc2-1.1.x86_64",
"product": {
"name": "go1.24-1.24rc2-1.1.x86_64",
"product_id": "go1.24-1.24rc2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24rc2-1.1.x86_64",
"product": {
"name": "go1.24-doc-1.24rc2-1.1.x86_64",
"product_id": "go1.24-doc-1.24rc2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24rc2-1.1.x86_64",
"product": {
"name": "go1.24-libstd-1.24rc2-1.1.x86_64",
"product_id": "go1.24-libstd-1.24rc2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24rc2-1.1.x86_64",
"product": {
"name": "go1.24-race-1.24rc2-1.1.x86_64",
"product_id": "go1.24-race-1.24rc2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24rc2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64"
},
"product_reference": "go1.24-1.24rc2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24rc2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le"
},
"product_reference": "go1.24-1.24rc2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24rc2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x"
},
"product_reference": "go1.24-1.24rc2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24rc2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64"
},
"product_reference": "go1.24-1.24rc2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24rc2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64"
},
"product_reference": "go1.24-doc-1.24rc2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24rc2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le"
},
"product_reference": "go1.24-doc-1.24rc2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24rc2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x"
},
"product_reference": "go1.24-doc-1.24rc2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24rc2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64"
},
"product_reference": "go1.24-doc-1.24rc2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24rc2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64"
},
"product_reference": "go1.24-libstd-1.24rc2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24rc2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le"
},
"product_reference": "go1.24-libstd-1.24rc2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24rc2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x"
},
"product_reference": "go1.24-libstd-1.24rc2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24rc2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64"
},
"product_reference": "go1.24-libstd-1.24rc2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24rc2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64"
},
"product_reference": "go1.24-race-1.24rc2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24rc2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le"
},
"product_reference": "go1.24-race-1.24rc2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24rc2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x"
},
"product_reference": "go1.24-race-1.24rc2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24rc2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
},
"product_reference": "go1.24-race-1.24rc2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45336"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45336",
"url": "https://www.suse.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236045"
},
{
"category": "external",
"summary": "SUSE Bug 1236046 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45336"
},
{
"cve": "CVE-2024-45340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45340"
}
],
"notes": [
{
"category": "general",
"text": "Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45340",
"url": "https://www.suse.com/security/cve/CVE-2024-45340"
},
{
"category": "external",
"summary": "SUSE Bug 1236360 for CVE-2024-45340",
"url": "https://bugzilla.suse.com/1236360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45340"
},
{
"cve": "CVE-2024-45341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45341"
}
],
"notes": [
{
"category": "general",
"text": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45341",
"url": "https://www.suse.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45341",
"url": "https://bugzilla.suse.com/1236045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45341"
},
{
"cve": "CVE-2025-22865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22865"
}
],
"notes": [
{
"category": "general",
"text": "Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22865",
"url": "https://www.suse.com/security/cve/CVE-2025-22865"
},
{
"category": "external",
"summary": "SUSE Bug 1236361 for CVE-2025-22865",
"url": "https://bugzilla.suse.com/1236361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24rc2-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24rc2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22865"
}
]
}
OPENSUSE-SU-2025:14694-1
Vulnerability from csaf_opensuse - Published: 2025-01-25 00:00 - Updated: 2025-01-25 00:00Summary
go1.22-1.22.11-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.22-1.22.11-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.22-1.22.11-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14694
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.22-1.22.11-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.22-1.22.11-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14694",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14694-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14694-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q3ZTZP3RXZGJRRPGSFEUWJMYPA5WPOPW/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14694-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q3ZTZP3RXZGJRRPGSFEUWJMYPA5WPOPW/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45336 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45341 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45341/"
}
],
"title": "go1.22-1.22.11-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-25T00:00:00Z",
"generator": {
"date": "2025-01-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14694-1",
"initial_release_date": "2025-01-25T00:00:00Z",
"revision_history": [
{
"date": "2025-01-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.11-1.1.aarch64",
"product": {
"name": "go1.22-1.22.11-1.1.aarch64",
"product_id": "go1.22-1.22.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.11-1.1.aarch64",
"product": {
"name": "go1.22-doc-1.22.11-1.1.aarch64",
"product_id": "go1.22-doc-1.22.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.22-libstd-1.22.11-1.1.aarch64",
"product": {
"name": "go1.22-libstd-1.22.11-1.1.aarch64",
"product_id": "go1.22-libstd-1.22.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.22-race-1.22.11-1.1.aarch64",
"product": {
"name": "go1.22-race-1.22.11-1.1.aarch64",
"product_id": "go1.22-race-1.22.11-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.11-1.1.ppc64le",
"product": {
"name": "go1.22-1.22.11-1.1.ppc64le",
"product_id": "go1.22-1.22.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.11-1.1.ppc64le",
"product": {
"name": "go1.22-doc-1.22.11-1.1.ppc64le",
"product_id": "go1.22-doc-1.22.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.22-libstd-1.22.11-1.1.ppc64le",
"product": {
"name": "go1.22-libstd-1.22.11-1.1.ppc64le",
"product_id": "go1.22-libstd-1.22.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.22-race-1.22.11-1.1.ppc64le",
"product": {
"name": "go1.22-race-1.22.11-1.1.ppc64le",
"product_id": "go1.22-race-1.22.11-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.11-1.1.s390x",
"product": {
"name": "go1.22-1.22.11-1.1.s390x",
"product_id": "go1.22-1.22.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.11-1.1.s390x",
"product": {
"name": "go1.22-doc-1.22.11-1.1.s390x",
"product_id": "go1.22-doc-1.22.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.22-libstd-1.22.11-1.1.s390x",
"product": {
"name": "go1.22-libstd-1.22.11-1.1.s390x",
"product_id": "go1.22-libstd-1.22.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.22-race-1.22.11-1.1.s390x",
"product": {
"name": "go1.22-race-1.22.11-1.1.s390x",
"product_id": "go1.22-race-1.22.11-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.22-1.22.11-1.1.x86_64",
"product": {
"name": "go1.22-1.22.11-1.1.x86_64",
"product_id": "go1.22-1.22.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.22-doc-1.22.11-1.1.x86_64",
"product": {
"name": "go1.22-doc-1.22.11-1.1.x86_64",
"product_id": "go1.22-doc-1.22.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.22-libstd-1.22.11-1.1.x86_64",
"product": {
"name": "go1.22-libstd-1.22.11-1.1.x86_64",
"product_id": "go1.22-libstd-1.22.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.22-race-1.22.11-1.1.x86_64",
"product": {
"name": "go1.22-race-1.22.11-1.1.x86_64",
"product_id": "go1.22-race-1.22.11-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64"
},
"product_reference": "go1.22-1.22.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le"
},
"product_reference": "go1.22-1.22.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x"
},
"product_reference": "go1.22-1.22.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-1.22.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64"
},
"product_reference": "go1.22-1.22.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64"
},
"product_reference": "go1.22-doc-1.22.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le"
},
"product_reference": "go1.22-doc-1.22.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x"
},
"product_reference": "go1.22-doc-1.22.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-doc-1.22.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64"
},
"product_reference": "go1.22-doc-1.22.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-libstd-1.22.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64"
},
"product_reference": "go1.22-libstd-1.22.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-libstd-1.22.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le"
},
"product_reference": "go1.22-libstd-1.22.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-libstd-1.22.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x"
},
"product_reference": "go1.22-libstd-1.22.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-libstd-1.22.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64"
},
"product_reference": "go1.22-libstd-1.22.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-race-1.22.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64"
},
"product_reference": "go1.22-race-1.22.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-race-1.22.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le"
},
"product_reference": "go1.22-race-1.22.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-race-1.22.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x"
},
"product_reference": "go1.22-race-1.22.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.22-race-1.22.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64"
},
"product_reference": "go1.22-race-1.22.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45336"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45336",
"url": "https://www.suse.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236045"
},
{
"category": "external",
"summary": "SUSE Bug 1236046 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45336"
},
{
"cve": "CVE-2024-45341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45341"
}
],
"notes": [
{
"category": "general",
"text": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45341",
"url": "https://www.suse.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45341",
"url": "https://bugzilla.suse.com/1236045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-doc-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-libstd-1.22.11-1.1.x86_64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.aarch64",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.ppc64le",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.s390x",
"openSUSE Tumbleweed:go1.22-race-1.22.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45341"
}
]
}
OPENSUSE-SU-2025:14695-1
Vulnerability from csaf_opensuse - Published: 2025-01-25 00:00 - Updated: 2025-01-25 00:00Summary
go1.23-1.23.5-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.23-1.23.5-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.23-1.23.5-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14695
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.2 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.23-1.23.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.23-1.23.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14695",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14695-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14695-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YRIXY47SJKPKQTDVCPRO6E2DUY5GPEEU/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14695-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YRIXY47SJKPKQTDVCPRO6E2DUY5GPEEU/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45336 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45341 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45341/"
}
],
"title": "go1.23-1.23.5-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-25T00:00:00Z",
"generator": {
"date": "2025-01-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14695-1",
"initial_release_date": "2025-01-25T00:00:00Z",
"revision_history": [
{
"date": "2025-01-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.23-1.23.5-1.1.aarch64",
"product": {
"name": "go1.23-1.23.5-1.1.aarch64",
"product_id": "go1.23-1.23.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.23-doc-1.23.5-1.1.aarch64",
"product": {
"name": "go1.23-doc-1.23.5-1.1.aarch64",
"product_id": "go1.23-doc-1.23.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.23-libstd-1.23.5-1.1.aarch64",
"product": {
"name": "go1.23-libstd-1.23.5-1.1.aarch64",
"product_id": "go1.23-libstd-1.23.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.23-race-1.23.5-1.1.aarch64",
"product": {
"name": "go1.23-race-1.23.5-1.1.aarch64",
"product_id": "go1.23-race-1.23.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.23-1.23.5-1.1.ppc64le",
"product": {
"name": "go1.23-1.23.5-1.1.ppc64le",
"product_id": "go1.23-1.23.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.23-doc-1.23.5-1.1.ppc64le",
"product": {
"name": "go1.23-doc-1.23.5-1.1.ppc64le",
"product_id": "go1.23-doc-1.23.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.23-libstd-1.23.5-1.1.ppc64le",
"product": {
"name": "go1.23-libstd-1.23.5-1.1.ppc64le",
"product_id": "go1.23-libstd-1.23.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.23-race-1.23.5-1.1.ppc64le",
"product": {
"name": "go1.23-race-1.23.5-1.1.ppc64le",
"product_id": "go1.23-race-1.23.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.23-1.23.5-1.1.s390x",
"product": {
"name": "go1.23-1.23.5-1.1.s390x",
"product_id": "go1.23-1.23.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.23-doc-1.23.5-1.1.s390x",
"product": {
"name": "go1.23-doc-1.23.5-1.1.s390x",
"product_id": "go1.23-doc-1.23.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.23-libstd-1.23.5-1.1.s390x",
"product": {
"name": "go1.23-libstd-1.23.5-1.1.s390x",
"product_id": "go1.23-libstd-1.23.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.23-race-1.23.5-1.1.s390x",
"product": {
"name": "go1.23-race-1.23.5-1.1.s390x",
"product_id": "go1.23-race-1.23.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.23-1.23.5-1.1.x86_64",
"product": {
"name": "go1.23-1.23.5-1.1.x86_64",
"product_id": "go1.23-1.23.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.23-doc-1.23.5-1.1.x86_64",
"product": {
"name": "go1.23-doc-1.23.5-1.1.x86_64",
"product_id": "go1.23-doc-1.23.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.23-libstd-1.23.5-1.1.x86_64",
"product": {
"name": "go1.23-libstd-1.23.5-1.1.x86_64",
"product_id": "go1.23-libstd-1.23.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.23-race-1.23.5-1.1.x86_64",
"product": {
"name": "go1.23-race-1.23.5-1.1.x86_64",
"product_id": "go1.23-race-1.23.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-1.23.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64"
},
"product_reference": "go1.23-1.23.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-1.23.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le"
},
"product_reference": "go1.23-1.23.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-1.23.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x"
},
"product_reference": "go1.23-1.23.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-1.23.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64"
},
"product_reference": "go1.23-1.23.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-doc-1.23.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64"
},
"product_reference": "go1.23-doc-1.23.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-doc-1.23.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le"
},
"product_reference": "go1.23-doc-1.23.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-doc-1.23.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x"
},
"product_reference": "go1.23-doc-1.23.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-doc-1.23.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64"
},
"product_reference": "go1.23-doc-1.23.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-libstd-1.23.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64"
},
"product_reference": "go1.23-libstd-1.23.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-libstd-1.23.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le"
},
"product_reference": "go1.23-libstd-1.23.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-libstd-1.23.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x"
},
"product_reference": "go1.23-libstd-1.23.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-libstd-1.23.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64"
},
"product_reference": "go1.23-libstd-1.23.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-race-1.23.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64"
},
"product_reference": "go1.23-race-1.23.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-race-1.23.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le"
},
"product_reference": "go1.23-race-1.23.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-race-1.23.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x"
},
"product_reference": "go1.23-race-1.23.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-race-1.23.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64"
},
"product_reference": "go1.23-race-1.23.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45336"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45336",
"url": "https://www.suse.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236045"
},
{
"category": "external",
"summary": "SUSE Bug 1236046 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45336"
},
{
"cve": "CVE-2024-45341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45341"
}
],
"notes": [
{
"category": "general",
"text": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45341",
"url": "https://www.suse.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45341",
"url": "https://bugzilla.suse.com/1236045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.5-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45341"
}
]
}
OPENSUSE-SU-2025:14710-1
Vulnerability from csaf_opensuse - Published: 2025-01-29 00:00 - Updated: 2025-01-29 00:00Summary
govulncheck-vulndb-0.0.20250128T150132-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: govulncheck-vulndb-0.0.20250128T150132-1.1 on GA media
Description of the patch: These are all security issues fixed in the govulncheck-vulndb-0.0.20250128T150132-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14710
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.7 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250128T150132-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250128T150132-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14710",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14710-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11218 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45336 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45340 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45341 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23028 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23028/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23047 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23208 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24030 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24355 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24355/"
}
],
"title": "govulncheck-vulndb-0.0.20250128T150132-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-29T00:00:00Z",
"generator": {
"date": "2025-01-29T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14710-1",
"initial_release_date": "2025-01-29T00:00:00Z",
"revision_history": [
{
"date": "2025-01-29T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250128T150132-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11218"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11218",
"url": "https://www.suse.com/security/cve/CVE-2024-11218"
},
{
"category": "external",
"summary": "SUSE Bug 1236269 for CVE-2024-11218",
"url": "https://bugzilla.suse.com/1236269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-11218"
},
{
"cve": "CVE-2024-45336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45336"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45336",
"url": "https://www.suse.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236045"
},
{
"category": "external",
"summary": "SUSE Bug 1236046 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45336"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2024-45340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45340"
}
],
"notes": [
{
"category": "general",
"text": "Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45340",
"url": "https://www.suse.com/security/cve/CVE-2024-45340"
},
{
"category": "external",
"summary": "SUSE Bug 1236360 for CVE-2024-45340",
"url": "https://bugzilla.suse.com/1236360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45340"
},
{
"cve": "CVE-2024-45341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45341"
}
],
"notes": [
{
"category": "general",
"text": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45341",
"url": "https://www.suse.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45341",
"url": "https://bugzilla.suse.com/1236045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45341"
},
{
"cve": "CVE-2025-0377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0377"
}
],
"notes": [
{
"category": "general",
"text": "HashiCorp\u0027s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0377",
"url": "https://www.suse.com/security/cve/CVE-2025-0377"
},
{
"category": "external",
"summary": "SUSE Bug 1236209 for CVE-2025-0377",
"url": "https://bugzilla.suse.com/1236209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-0377"
},
{
"cve": "CVE-2025-22865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22865"
}
],
"notes": [
{
"category": "general",
"text": "Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22865",
"url": "https://www.suse.com/security/cve/CVE-2025-22865"
},
{
"category": "external",
"summary": "SUSE Bug 1236361 for CVE-2025-22865",
"url": "https://bugzilla.suse.com/1236361"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22865"
},
{
"cve": "CVE-2025-23028",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23028"
}
],
"notes": [
{
"category": "general",
"text": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster. For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic as configured at the time of the DoS. For workloads that have DNS-based policy configured, existing connections may continue to operate, and new connections made without relying on DNS resolution may continue to be established, but new connections which rely on DNS resolution may be disrupted. Any configuration changes that affect the impacted agent may not be applied until the agent is able to restart. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23028",
"url": "https://www.suse.com/security/cve/CVE-2025-23028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-23028"
},
{
"cve": "CVE-2025-23047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23047"
}
],
"notes": [
{
"category": "general",
"text": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart. A user with access to a Hubble UI instance affected by this issue could leak configuration details about the Kubernetes cluster which Hubble UI is monitoring, including node names, IP addresses, and other metadata about workloads and the cluster networking configuration. In order for this vulnerability to be exploited, a victim would have to first visit a malicious page. This issue is fixed in Cilium v1.14.18, v1.15.12, and v1.16.5. As a workaround, users who deploy Hubble UI using the Cilium Helm chart directly can remove the CORS headers from the Helm template as shown in the patch from commit a3489f190ba6e87b5336ee685fb6c80b1270d06d.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23047",
"url": "https://www.suse.com/security/cve/CVE-2025-23047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-23047"
},
{
"cve": "CVE-2025-23208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23208"
}
],
"notes": [
{
"category": "general",
"text": "zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the group definitions in the config file, but that wasn\u0027t obvious to me if it were the case. Any Zot configuration that relies on group-based authorization will not respect group remove/revocation by an IdP. This issue has been addressed in version 2.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23208",
"url": "https://www.suse.com/security/cve/CVE-2025-23208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-23208"
},
{
"cve": "CVE-2025-24030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24030"
}
],
"notes": [
{
"category": "general",
"text": "Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24030",
"url": "https://www.suse.com/security/cve/CVE-2025-24030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-24030"
},
{
"cve": "CVE-2025-24337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24337"
}
],
"notes": [
{
"category": "general",
"text": "WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24337",
"url": "https://www.suse.com/security/cve/CVE-2025-24337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-24337"
},
{
"cve": "CVE-2025-24354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24354"
}
],
"notes": [
{
"category": "general",
"text": "imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24354",
"url": "https://www.suse.com/security/cve/CVE-2025-24354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-24354"
},
{
"cve": "CVE-2025-24355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24355"
}
],
"notes": [
{
"category": "general",
"text": "Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a `maven` source configured with basic auth credentials, the credentials are being leaked in the application execution logs in case of failure. Credentials are properly sanitized when the operation is successful but not when for whatever reason there is a failure in the maven repository, e.g. wrong coordinates provided, not existing artifact or version. Version 0.93.0 contains a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24355",
"url": "https://www.suse.com/security/cve/CVE-2025-24355"
},
{
"category": "external",
"summary": "SUSE Bug 1236404 for CVE-2025-24355",
"url": "https://bugzilla.suse.com/1236404"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250128T150132-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-24355"
}
]
}
OPENSUSE-SU-2025:15030-1
Vulnerability from csaf_opensuse - Published: 2025-04-25 00:00 - Updated: 2025-04-25 00:00Summary
opentofu-1.9.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: opentofu-1.9.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the opentofu-1.9.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15030
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "opentofu-1.9.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the opentofu-1.9.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15030",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15030-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15030-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLAZMF6OXHA44LELUVOL3F5GAUV5PW3Y/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15030-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PLAZMF6OXHA44LELUVOL3F5GAUV5PW3Y/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45336 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45341 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22866/"
}
],
"title": "opentofu-1.9.1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-04-25T00:00:00Z",
"generator": {
"date": "2025-04-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15030-1",
"initial_release_date": "2025-04-25T00:00:00Z",
"revision_history": [
{
"date": "2025-04-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opentofu-1.9.1-1.1.aarch64",
"product": {
"name": "opentofu-1.9.1-1.1.aarch64",
"product_id": "opentofu-1.9.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opentofu-1.9.1-1.1.ppc64le",
"product": {
"name": "opentofu-1.9.1-1.1.ppc64le",
"product_id": "opentofu-1.9.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opentofu-1.9.1-1.1.s390x",
"product": {
"name": "opentofu-1.9.1-1.1.s390x",
"product_id": "opentofu-1.9.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opentofu-1.9.1-1.1.x86_64",
"product": {
"name": "opentofu-1.9.1-1.1.x86_64",
"product_id": "opentofu-1.9.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opentofu-1.9.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64"
},
"product_reference": "opentofu-1.9.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentofu-1.9.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le"
},
"product_reference": "opentofu-1.9.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentofu-1.9.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x"
},
"product_reference": "opentofu-1.9.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opentofu-1.9.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
},
"product_reference": "opentofu-1.9.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45336"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45336",
"url": "https://www.suse.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236045"
},
{
"category": "external",
"summary": "SUSE Bug 1236046 for CVE-2024-45336",
"url": "https://bugzilla.suse.com/1236046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45336"
},
{
"cve": "CVE-2024-45341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45341"
}
],
"notes": [
{
"category": "general",
"text": "A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45341",
"url": "https://www.suse.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "SUSE Bug 1236045 for CVE-2024-45341",
"url": "https://bugzilla.suse.com/1236045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-45341"
},
{
"cve": "CVE-2025-22866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22866"
}
],
"notes": [
{
"category": "general",
"text": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22866",
"url": "https://www.suse.com/security/cve/CVE-2025-22866"
},
{
"category": "external",
"summary": "SUSE Bug 1236801 for CVE-2025-22866",
"url": "https://bugzilla.suse.com/1236801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.aarch64",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.ppc64le",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.s390x",
"openSUSE Tumbleweed:opentofu-1.9.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22866"
}
]
}
RHSA-2025:3772
Vulnerability from csaf_redhat - Published: 2025-04-10 01:06 - Updated: 2026-06-02 17:47Summary
Red Hat Security Advisory: go-toolset:rhel8 security update
Severity
Moderate
Notes
Topic: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
* golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341)
* golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.
5.9 (Medium)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.
4.2 (Medium)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341)\n\n* golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3772",
"url": "https://access.redhat.com/errata/RHSA-2025:3772"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2341750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341750"
},
{
"category": "external",
"summary": "2341751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3772.json"
}
],
"title": "Red Hat Security Advisory: go-toolset:rhel8 security update",
"tracking": {
"current_release_date": "2026-06-02T17:47:10+00:00",
"generator": {
"date": "2026-06-02T17:47:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:3772",
"initial_release_date": "2025-04-10T01:06:33+00:00",
"revision_history": [
{
"date": "2025-04-10T01:06:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-10T01:06:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:47:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8)",
"product_id": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"product": {
"name": "golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch (go-toolset:rhel8)",
"product_id": "golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"product": {
"name": "golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch (go-toolset:rhel8)",
"product_id": "golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"product": {
"name": "golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch (go-toolset:rhel8)",
"product_id": "golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"product": {
"name": "golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch (go-toolset:rhel8)",
"product_id": "golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"product": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x (go-toolset:rhel8)",
"product_id": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.6-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250321121115:a3795dee"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
},
"product_reference": "golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
},
"product_reference": "golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
},
"product_reference": "golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
},
"product_reference": "golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45336",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2025-01-23T12:57:38.123000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2341751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "RHBZ#2341751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/70530",
"url": "https://github.com/golang/go/issues/70530"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI",
"url": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI"
}
],
"release_date": "2025-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-10T01:06:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect"
},
{
"cve": "CVE-2024-45341",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-01-23T12:26:31.454000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2341750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "RHBZ#2341750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4",
"url": "https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/71156",
"url": "https://github.com/golang/go/issues/71156"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI",
"url": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI"
}
],
"release_date": "2025-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-10T01:06:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3772"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.23.6-1.module+el8.10.0+22945+b2c96a17.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints"
}
]
}
RHSA-2025:3773
Vulnerability from csaf_redhat - Published: 2025-04-10 01:04 - Updated: 2026-06-02 17:44Summary
Red Hat Security Advisory: delve and golang security update
Severity
Important
Notes
Topic: An update for delve and golang is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Go Programming Language.
Security Fix(es):
* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
7.5 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.
5.9 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.
4.2 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.
5.3 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for delve and golang is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Go Programming Language.\n\nSecurity Fix(es):\n\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3773",
"url": "https://access.redhat.com/errata/RHSA-2025:3773"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3773.json"
}
],
"title": "Red Hat Security Advisory: delve and golang security update",
"tracking": {
"current_release_date": "2026-06-02T17:44:17+00:00",
"generator": {
"date": "2026-06-02T17:44:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:3773",
"initial_release_date": "2025-04-10T01:04:23+00:00",
"revision_history": [
{
"date": "2025-04-10T01:04:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-10T01:04:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:44:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-2.el9_5.aarch64",
"product": {
"name": "go-toolset-0:1.23.6-2.el9_5.aarch64",
"product_id": "go-toolset-0:1.23.6-2.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-2.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-2.el9_5.aarch64",
"product": {
"name": "golang-0:1.23.6-2.el9_5.aarch64",
"product_id": "golang-0:1.23.6-2.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-2.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.6-2.el9_5.aarch64",
"product": {
"name": "golang-bin-0:1.23.6-2.el9_5.aarch64",
"product_id": "golang-bin-0:1.23.6-2.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.6-2.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.23.6-2.el9_5.aarch64",
"product": {
"name": "golang-race-0:1.23.6-2.el9_5.aarch64",
"product_id": "golang-race-0:1.23.6-2.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.23.6-2.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-0:1.24.1-2.el9_5.aarch64",
"product": {
"name": "delve-0:1.24.1-2.el9_5.aarch64",
"product_id": "delve-0:1.24.1-2.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-2.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"product": {
"name": "delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"product_id": "delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-2.el9_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"product": {
"name": "delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"product_id": "delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-2.el9_5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-2.el9_5.ppc64le",
"product": {
"name": "go-toolset-0:1.23.6-2.el9_5.ppc64le",
"product_id": "go-toolset-0:1.23.6-2.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-2.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-2.el9_5.ppc64le",
"product": {
"name": "golang-0:1.23.6-2.el9_5.ppc64le",
"product_id": "golang-0:1.23.6-2.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-2.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.6-2.el9_5.ppc64le",
"product": {
"name": "golang-bin-0:1.23.6-2.el9_5.ppc64le",
"product_id": "golang-bin-0:1.23.6-2.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.6-2.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.23.6-2.el9_5.ppc64le",
"product": {
"name": "golang-race-0:1.23.6-2.el9_5.ppc64le",
"product_id": "golang-race-0:1.23.6-2.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.23.6-2.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-0:1.24.1-2.el9_5.ppc64le",
"product": {
"name": "delve-0:1.24.1-2.el9_5.ppc64le",
"product_id": "delve-0:1.24.1-2.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-2.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"product": {
"name": "delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"product_id": "delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-2.el9_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"product": {
"name": "delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"product_id": "delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-2.el9_5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-2.el9_5.x86_64",
"product": {
"name": "go-toolset-0:1.23.6-2.el9_5.x86_64",
"product_id": "go-toolset-0:1.23.6-2.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-2.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-2.el9_5.x86_64",
"product": {
"name": "golang-0:1.23.6-2.el9_5.x86_64",
"product_id": "golang-0:1.23.6-2.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-2.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.6-2.el9_5.x86_64",
"product": {
"name": "golang-bin-0:1.23.6-2.el9_5.x86_64",
"product_id": "golang-bin-0:1.23.6-2.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.6-2.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.23.6-2.el9_5.x86_64",
"product": {
"name": "golang-race-0:1.23.6-2.el9_5.x86_64",
"product_id": "golang-race-0:1.23.6-2.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.23.6-2.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-0:1.24.1-2.el9_5.x86_64",
"product": {
"name": "delve-0:1.24.1-2.el9_5.x86_64",
"product_id": "delve-0:1.24.1-2.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-2.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"product": {
"name": "delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"product_id": "delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-2.el9_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"product": {
"name": "delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"product_id": "delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-2.el9_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.23.6-2.el9_5.s390x",
"product": {
"name": "go-toolset-0:1.23.6-2.el9_5.s390x",
"product_id": "go-toolset-0:1.23.6-2.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.6-2.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.6-2.el9_5.s390x",
"product": {
"name": "golang-0:1.23.6-2.el9_5.s390x",
"product_id": "golang-0:1.23.6-2.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-2.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.6-2.el9_5.s390x",
"product": {
"name": "golang-bin-0:1.23.6-2.el9_5.s390x",
"product_id": "golang-bin-0:1.23.6-2.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.6-2.el9_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-race-0:1.23.6-2.el9_5.s390x",
"product": {
"name": "golang-race-0:1.23.6-2.el9_5.s390x",
"product_id": "golang-race-0:1.23.6-2.el9_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-race@1.23.6-2.el9_5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-0:1.23.6-2.el9_5.src",
"product": {
"name": "golang-0:1.23.6-2.el9_5.src",
"product_id": "golang-0:1.23.6-2.el9_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.6-2.el9_5?arch=src"
}
}
},
{
"category": "product_version",
"name": "delve-0:1.24.1-2.el9_5.src",
"product": {
"name": "delve-0:1.24.1-2.el9_5.src",
"product_id": "delve-0:1.24.1-2.el9_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-2.el9_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.23.6-2.el9_5.noarch",
"product": {
"name": "golang-docs-0:1.23.6-2.el9_5.noarch",
"product_id": "golang-docs-0:1.23.6-2.el9_5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.23.6-2.el9_5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.23.6-2.el9_5.noarch",
"product": {
"name": "golang-misc-0:1.23.6-2.el9_5.noarch",
"product_id": "golang-misc-0:1.23.6-2.el9_5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.23.6-2.el9_5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.23.6-2.el9_5.noarch",
"product": {
"name": "golang-src-0:1.23.6-2.el9_5.noarch",
"product_id": "golang-src-0:1.23.6-2.el9_5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.23.6-2.el9_5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.23.6-2.el9_5.noarch",
"product": {
"name": "golang-tests-0:1.23.6-2.el9_5.noarch",
"product_id": "golang-tests-0:1.23.6-2.el9_5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.23.6-2.el9_5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-2.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64"
},
"product_reference": "delve-0:1.24.1-2.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-2.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le"
},
"product_reference": "delve-0:1.24.1-2.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-2.el9_5.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src"
},
"product_reference": "delve-0:1.24.1-2.el9_5.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-2.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64"
},
"product_reference": "delve-0:1.24.1-2.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-2.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64"
},
"product_reference": "delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-2.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le"
},
"product_reference": "delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-2.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64"
},
"product_reference": "delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-2.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64"
},
"product_reference": "delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-2.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le"
},
"product_reference": "delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-2.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64"
},
"product_reference": "delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-2.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64"
},
"product_reference": "go-toolset-0:1.23.6-2.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-2.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le"
},
"product_reference": "go-toolset-0:1.23.6-2.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-2.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x"
},
"product_reference": "go-toolset-0:1.23.6-2.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.6-2.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64"
},
"product_reference": "go-toolset-0:1.23.6-2.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-2.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64"
},
"product_reference": "golang-0:1.23.6-2.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-2.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le"
},
"product_reference": "golang-0:1.23.6-2.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-2.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x"
},
"product_reference": "golang-0:1.23.6-2.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-2.el9_5.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src"
},
"product_reference": "golang-0:1.23.6-2.el9_5.src",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.6-2.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64"
},
"product_reference": "golang-0:1.23.6-2.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.6-2.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64"
},
"product_reference": "golang-bin-0:1.23.6-2.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.6-2.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le"
},
"product_reference": "golang-bin-0:1.23.6-2.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.6-2.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x"
},
"product_reference": "golang-bin-0:1.23.6-2.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.6-2.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64"
},
"product_reference": "golang-bin-0:1.23.6-2.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.23.6-2.el9_5.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch"
},
"product_reference": "golang-docs-0:1.23.6-2.el9_5.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.23.6-2.el9_5.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch"
},
"product_reference": "golang-misc-0:1.23.6-2.el9_5.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.23.6-2.el9_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64"
},
"product_reference": "golang-race-0:1.23.6-2.el9_5.aarch64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.23.6-2.el9_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le"
},
"product_reference": "golang-race-0:1.23.6-2.el9_5.ppc64le",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.23.6-2.el9_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x"
},
"product_reference": "golang-race-0:1.23.6-2.el9_5.s390x",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-race-0:1.23.6-2.el9_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64"
},
"product_reference": "golang-race-0:1.23.6-2.el9_5.x86_64",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.23.6-2.el9_5.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch"
},
"product_reference": "golang-src-0:1.23.6-2.el9_5.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.23.6-2.el9_5.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
},
"product_reference": "golang-tests-0:1.23.6-2.el9_5.noarch",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-10T01:04:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3773"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45336",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2025-01-23T12:57:38.123000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2341751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "RHBZ#2341751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/70530",
"url": "https://github.com/golang/go/issues/70530"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI",
"url": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI"
}
],
"release_date": "2025-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-10T01:04:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3773"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect"
},
{
"cve": "CVE-2024-45341",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-01-23T12:26:31.454000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2341750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "RHBZ#2341750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4",
"url": "https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/71156",
"url": "https://github.com/golang/go/issues/71156"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI",
"url": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI"
}
],
"release_date": "2025-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-10T01:04:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3773"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints"
},
{
"cve": "CVE-2025-22866",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2025-02-06T17:00:56.155646+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22866"
},
{
"category": "external",
"summary": "RHBZ#2344219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22866"
},
{
"category": "external",
"summary": "https://go.dev/cl/643735",
"url": "https://go.dev/cl/643735"
},
{
"category": "external",
"summary": "https://go.dev/issue/71383",
"url": "https://go.dev/issue/71383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k",
"url": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3447",
"url": "https://pkg.go.dev/vuln/GO-2025-3447"
}
],
"release_date": "2025-02-06T16:54:10.252000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-10T01:04:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3773"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:delve-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debuginfo-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:delve-debugsource-0:1.24.1-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:go-toolset-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.src",
"AppStream-9.5.0.Z.MAIN:golang-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-bin-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-docs-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-misc-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.aarch64",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.ppc64le",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.s390x",
"AppStream-9.5.0.Z.MAIN:golang-race-0:1.23.6-2.el9_5.x86_64",
"AppStream-9.5.0.Z.MAIN:golang-src-0:1.23.6-2.el9_5.noarch",
"AppStream-9.5.0.Z.MAIN:golang-tests-0:1.23.6-2.el9_5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec"
}
]
}
RHSA-2025:7466
Vulnerability from csaf_redhat - Published: 2025-05-13 15:59 - Updated: 2026-06-02 17:47Summary
Red Hat Security Advisory: delve and golang security update
Severity
Moderate
Notes
Topic: An update for delve and golang is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out of your way as much as possible.
Security Fix(es):
* golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341)
* golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)
* crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (CVE-2025-22866)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.
5.9 (Medium)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.
4.2 (Medium)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.
5.3 (Medium)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
28 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for delve and golang is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you\u0027re using a debugger, things aren\u0027t going your way. With that in mind, Delve should stay out of your way as much as possible.\n\nSecurity Fix(es):\n\n* golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341)\n\n* golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)\n\n* crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (CVE-2025-22866)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7466",
"url": "https://access.redhat.com/errata/RHSA-2025:7466"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2341750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341750"
},
{
"category": "external",
"summary": "2341751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341751"
},
{
"category": "external",
"summary": "2344219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344219"
},
{
"category": "external",
"summary": "RHEL-58723",
"url": "https://issues.redhat.com/browse/RHEL-58723"
},
{
"category": "external",
"summary": "RHEL-61262",
"url": "https://issues.redhat.com/browse/RHEL-61262"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7466.json"
}
],
"title": "Red Hat Security Advisory: delve and golang security update",
"tracking": {
"current_release_date": "2026-06-02T17:47:44+00:00",
"generator": {
"date": "2026-06-02T17:47:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:7466",
"initial_release_date": "2025-05-13T15:59:41+00:00",
"revision_history": [
{
"date": "2025-05-13T15:59:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-13T15:59:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T17:47:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.el10_0.src",
"product": {
"name": "delve-0:1.24.1-1.el10_0.src",
"product_id": "delve-0:1.24.1-1.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.el10_0?arch=src"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.7-1.el10_0.src",
"product": {
"name": "golang-0:1.23.7-1.el10_0.src",
"product_id": "golang-0:1.23.7-1.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.7-1.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.el10_0.aarch64",
"product": {
"name": "delve-0:1.24.1-1.el10_0.aarch64",
"product_id": "delve-0:1.24.1-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"product": {
"name": "delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"product_id": "delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"product_id": "delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.7-1.el10_0.aarch64",
"product": {
"name": "go-toolset-0:1.23.7-1.el10_0.aarch64",
"product_id": "go-toolset-0:1.23.7-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.7-1.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.7-1.el10_0.aarch64",
"product": {
"name": "golang-0:1.23.7-1.el10_0.aarch64",
"product_id": "golang-0:1.23.7-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.7-1.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.7-1.el10_0.aarch64",
"product": {
"name": "golang-bin-0:1.23.7-1.el10_0.aarch64",
"product_id": "golang-bin-0:1.23.7-1.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.7-1.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.el10_0.ppc64le",
"product": {
"name": "delve-0:1.24.1-1.el10_0.ppc64le",
"product_id": "delve-0:1.24.1-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"product": {
"name": "delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"product_id": "delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"product_id": "delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.7-1.el10_0.ppc64le",
"product": {
"name": "go-toolset-0:1.23.7-1.el10_0.ppc64le",
"product_id": "go-toolset-0:1.23.7-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.7-1.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.7-1.el10_0.ppc64le",
"product": {
"name": "golang-0:1.23.7-1.el10_0.ppc64le",
"product_id": "golang-0:1.23.7-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.7-1.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.7-1.el10_0.ppc64le",
"product": {
"name": "golang-bin-0:1.23.7-1.el10_0.ppc64le",
"product_id": "golang-bin-0:1.23.7-1.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.7-1.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.el10_0.x86_64",
"product": {
"name": "delve-0:1.24.1-1.el10_0.x86_64",
"product_id": "delve-0:1.24.1-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"product": {
"name": "delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"product_id": "delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"product_id": "delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.23.7-1.el10_0.x86_64",
"product": {
"name": "go-toolset-0:1.23.7-1.el10_0.x86_64",
"product_id": "go-toolset-0:1.23.7-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.7-1.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.7-1.el10_0.x86_64",
"product": {
"name": "golang-0:1.23.7-1.el10_0.x86_64",
"product_id": "golang-0:1.23.7-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.7-1.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.7-1.el10_0.x86_64",
"product": {
"name": "golang-bin-0:1.23.7-1.el10_0.x86_64",
"product_id": "golang-bin-0:1.23.7-1.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.7-1.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.23.7-1.el10_0.s390x",
"product": {
"name": "go-toolset-0:1.23.7-1.el10_0.s390x",
"product_id": "go-toolset-0:1.23.7-1.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.23.7-1.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.23.7-1.el10_0.s390x",
"product": {
"name": "golang-0:1.23.7-1.el10_0.s390x",
"product_id": "golang-0:1.23.7-1.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.23.7-1.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.23.7-1.el10_0.s390x",
"product": {
"name": "golang-bin-0:1.23.7-1.el10_0.s390x",
"product_id": "golang-bin-0:1.23.7-1.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.23.7-1.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.23.7-1.el10_0.noarch",
"product": {
"name": "golang-docs-0:1.23.7-1.el10_0.noarch",
"product_id": "golang-docs-0:1.23.7-1.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.23.7-1.el10_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.23.7-1.el10_0.noarch",
"product": {
"name": "golang-misc-0:1.23.7-1.el10_0.noarch",
"product_id": "golang-misc-0:1.23.7-1.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.23.7-1.el10_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.23.7-1.el10_0.noarch",
"product": {
"name": "golang-src-0:1.23.7-1.el10_0.noarch",
"product_id": "golang-src-0:1.23.7-1.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.23.7-1.el10_0?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.23.7-1.el10_0.noarch",
"product": {
"name": "golang-tests-0:1.23.7-1.el10_0.noarch",
"product_id": "golang-tests-0:1.23.7-1.el10_0.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.23.7-1.el10_0?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64"
},
"product_reference": "delve-0:1.24.1-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le"
},
"product_reference": "delve-0:1.24.1-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src"
},
"product_reference": "delve-0:1.24.1-1.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64"
},
"product_reference": "delve-0:1.24.1-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64"
},
"product_reference": "delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le"
},
"product_reference": "delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64"
},
"product_reference": "delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.7-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64"
},
"product_reference": "go-toolset-0:1.23.7-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.7-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le"
},
"product_reference": "go-toolset-0:1.23.7-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.7-1.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x"
},
"product_reference": "go-toolset-0:1.23.7-1.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.23.7-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64"
},
"product_reference": "go-toolset-0:1.23.7-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.7-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64"
},
"product_reference": "golang-0:1.23.7-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.7-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le"
},
"product_reference": "golang-0:1.23.7-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.7-1.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x"
},
"product_reference": "golang-0:1.23.7-1.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.7-1.el10_0.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src"
},
"product_reference": "golang-0:1.23.7-1.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.23.7-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64"
},
"product_reference": "golang-0:1.23.7-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.7-1.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64"
},
"product_reference": "golang-bin-0:1.23.7-1.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.7-1.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le"
},
"product_reference": "golang-bin-0:1.23.7-1.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.7-1.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x"
},
"product_reference": "golang-bin-0:1.23.7-1.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.23.7-1.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64"
},
"product_reference": "golang-bin-0:1.23.7-1.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.23.7-1.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch"
},
"product_reference": "golang-docs-0:1.23.7-1.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.23.7-1.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch"
},
"product_reference": "golang-misc-0:1.23.7-1.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.23.7-1.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch"
},
"product_reference": "golang-src-0:1.23.7-1.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.23.7-1.el10_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
},
"product_reference": "golang-tests-0:1.23.7-1.el10_0.noarch",
"relates_to_product_reference": "AppStream-10.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45336",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2025-01-23T12:57:38.123000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2341751"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45336"
},
{
"category": "external",
"summary": "RHBZ#2341751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45336"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/70530",
"url": "https://github.com/golang/go/issues/70530"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI",
"url": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI"
}
],
"release_date": "2025-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T15:59:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7466"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect"
},
{
"cve": "CVE-2024-45341",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-01-23T12:26:31.454000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2341750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "RHBZ#2341750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4",
"url": "https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/71156",
"url": "https://github.com/golang/go/issues/71156"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI",
"url": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI"
}
],
"release_date": "2025-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T15:59:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7466"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints"
},
{
"cve": "CVE-2025-22866",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2025-02-06T17:00:56.155646+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22866"
},
{
"category": "external",
"summary": "RHBZ#2344219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22866",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22866"
},
{
"category": "external",
"summary": "https://go.dev/cl/643735",
"url": "https://go.dev/cl/643735"
},
{
"category": "external",
"summary": "https://go.dev/issue/71383",
"url": "https://go.dev/issue/71383"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k",
"url": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3447",
"url": "https://pkg.go.dev/vuln/GO-2025-3447"
}
],
"release_date": "2025-02-06T16:54:10.252000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T15:59:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7466"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.src",
"AppStream-10.0.Z:delve-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debuginfo-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.aarch64",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.ppc64le",
"AppStream-10.0.Z:delve-debugsource-0:1.24.1-1.el10_0.x86_64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:go-toolset-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.src",
"AppStream-10.0.Z:golang-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.aarch64",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.ppc64le",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.s390x",
"AppStream-10.0.Z:golang-bin-0:1.23.7-1.el10_0.x86_64",
"AppStream-10.0.Z:golang-docs-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-misc-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-src-0:1.23.7-1.el10_0.noarch",
"AppStream-10.0.Z:golang-tests-0:1.23.7-1.el10_0.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…