CVE-2025-61729 (GCVE-0-2025-61729)
Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37
CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version |
|---|---|---|
| Go standard library | crypto/x509 | Affected: 0, < 1.24.11 (semver); Affected: 1.25.0, < 1.25.5 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:52:36.341575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:52:58.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.VerifyHostname"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.5",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:37:14.903Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/725920"
},
{
"url": "https://go.dev/issue/76445"
},
{
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-61729",
"datePublished": "2025-12-02T18:54:10.166Z",
"dateReserved": "2025-09-30T15:05:03.605Z",
"dateUpdated": "2025-12-03T19:37:14.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61729",
"date": "2026-06-30",
"epss": "0.00451",
"percentile": "0.35925"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61729\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-12-02T19:15:51.447\",\"lastModified\":\"2026-06-17T09:50:48.507\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"Certificate.VerifyHostname\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.24.11\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.25.0\",\"lessThan\":\"1.25.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-12-02T21:52:36.341575Z\",\"id\":\"CVE-2025-61729\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA 
Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.11\",\"matchCriteriaId\":\"F2E6FD2A-A487-4099-B91D-2429F286AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.5\",\"matchCriteriaId\":\"39C03A37-B94B-46E4-B1C2-A70A870F8E53\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/725920\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/76445\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4155\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61729\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T21:52:36.341575Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T21:52:53.822Z\"}}], \"cna\": {\"title\": \"Excessive resource consumption when printing error string for host certificate validation in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Philippe Antoine (Catena cyber)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.5\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Certificate.VerifyHostname\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/725920\"}, {\"url\": \"https://go.dev/issue/76445\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4155\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Within HostnameError.Error(), when 
constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61729\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\", \"dateReserved\": \"2025-09-30T15:05:03.605Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-12-02T18:54:10.166Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:5031
Vulnerability from csaf_redhat - Published: 2026-03-19 05:19 - Updated: 2026-07-01 00:17
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src | — | | Vendor Fix |
| Unresolved product id: AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src | — | | Vendor Fix |
| Unresolved product id: AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src | — | | Vendor Fix |
| Unresolved product id: AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5031",
"url": "https://access.redhat.com/errata/RHSA-2026:5031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5031.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-01T00:17:00+00:00",
"generator": {
"date": "2026-07-01T00:17:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5031",
"initial_release_date": "2026-03-19T05:19:39+00:00",
"revision_history": [
{
"date": "2026-03-19T05:19:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T05:19:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:17:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-13.el8_6.src",
"product": {
"name": "rhc-1:0.2.1-13.el8_6.src",
"product_id": "rhc-1:0.2.1-13.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-13.el8_6?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-13.el8_6.x86_64",
"product": {
"name": "rhc-1:0.2.1-13.el8_6.x86_64",
"product_id": "rhc-1:0.2.1-13.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-13.el8_6?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-13.el8_6.aarch64",
"product": {
"name": "rhc-1:0.2.1-13.el8_6.aarch64",
"product_id": "rhc-1:0.2.1-13.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-13.el8_6?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-13.el8_6.ppc64le",
"product": {
"name": "rhc-1:0.2.1-13.el8_6.ppc64le",
"product_id": "rhc-1:0.2.1-13.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-13.el8_6?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-13.el8_6.s390x",
"product": {
"name": "rhc-1:0.2.1-13.el8_6.s390x",
"product_id": "rhc-1:0.2.1-13.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-13.el8_6?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-13.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64"
},
"product_reference": "rhc-1:0.2.1-13.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T05:19:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5031"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T05:19:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5031"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.AUS:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.E4S:rhc-1:0.2.1-13.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.src",
"AppStream-8.6.0.Z.TUS:rhc-1:0.2.1-13.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5076
Vulnerability from csaf_redhat - Published: 2026-03-19 21:34 - Updated: 2026-07-01 00:17
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64 | — | | Vendor Fix (fix), Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64 | — | | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5076",
"url": "https://access.redhat.com/errata/RHSA-2026:5076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5076.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-01T00:17:00+00:00",
"generator": {
"date": "2026-07-01T00:17:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5076",
"initial_release_date": "2026-03-19T21:34:22+00:00",
"revision_history": [
{
"date": "2026-03-19T21:34:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T21:34:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:17:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.2-1.el9_2.1.src",
"product": {
"name": "rhc-1:0.2.2-1.el9_2.1.src",
"product_id": "rhc-1:0.2.2-1.el9_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el9_2.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.2-1.el9_2.1.aarch64",
"product": {
"name": "rhc-1:0.2.2-1.el9_2.1.aarch64",
"product_id": "rhc-1:0.2.2-1.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el9_2.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"product": {
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"product_id": "rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.2-1.el9_2.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"product_id": "rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.2-1.el9_2.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.2-1.el9_2.1.ppc64le",
"product": {
"name": "rhc-1:0.2.2-1.el9_2.1.ppc64le",
"product_id": "rhc-1:0.2.2-1.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el9_2.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"product_id": "rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.2-1.el9_2.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"product_id": "rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.2-1.el9_2.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.2-1.el9_2.1.x86_64",
"product": {
"name": "rhc-1:0.2.2-1.el9_2.1.x86_64",
"product_id": "rhc-1:0.2.2-1.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el9_2.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64",
"product": {
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64",
"product_id": "rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.2-1.el9_2.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"product_id": "rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.2-1.el9_2.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.2-1.el9_2.1.s390x",
"product": {
"name": "rhc-1:0.2.2-1.el9_2.1.s390x",
"product_id": "rhc-1:0.2.2-1.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.2-1.el9_2.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"product": {
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"product_id": "rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.2-1.el9_2.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"product": {
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"product_id": "rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.2-1.el9_2.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64"
},
"product_reference": "rhc-1:0.2.2-1.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le"
},
"product_reference": "rhc-1:0.2.2-1.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x"
},
"product_reference": "rhc-1:0.2.2-1.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el9_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src"
},
"product_reference": "rhc-1:0.2.2-1.el9_2.1.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.2-1.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64"
},
"product_reference": "rhc-1:0.2.2-1.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T21:34:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5076"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T21:34:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:rhc-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debuginfo-1:0.2.2-1.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:rhc-debugsource-1:0.2.2-1.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5077
Vulnerability from csaf_redhat - Published: 2026-03-19 23:49 - Updated: 2026-07-01 00:13
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5077",
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5077.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-01T00:13:34+00:00",
"generator": {
"date": "2026-07-01T00:13:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5077",
"initial_release_date": "2026-03-19T23:49:18+00:00",
"revision_history": [
{
"date": "2026-03-19T23:49:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T23:49:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:13:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.src",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.src",
"product_id": "rhc-1:0.2.7-1.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"product_id": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"product": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"product_id": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-1.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"product_id": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-1.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"product": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"product_id": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-1.el9_6.1?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"product_id": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"product_id": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-1.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"product_id": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-1.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"product": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"product_id": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-1.el9_6.1?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"product_id": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"product": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"product_id": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-1.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"product_id": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-1.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"product": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"product_id": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-1.el9_6.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.7-1.el9_6.1.s390x",
"product": {
"name": "rhc-1:0.2.7-1.el9_6.1.s390x",
"product_id": "rhc-1:0.2.7-1.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.7-1.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"product": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"product_id": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.7-1.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"product": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"product_id": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.7-1.el9_6.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"product": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"product_id": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.7-1.el9_6.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.6)",
"product_id": "CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
},
"product_reference": "rhc-devel-1:0.2.7-1.el9_6.1.x86_64",
"relates_to_product_reference": "CRB-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T23:49:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T23:49:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T23:49:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:rhc-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debuginfo-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-debugsource-1:0.2.7-1.el9_6.1.x86_64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.aarch64",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.ppc64le",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.s390x",
"CRB-9.6.0.Z.EUS:rhc-devel-1:0.2.7-1.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5078
Vulnerability from csaf_redhat - Published: 2026-03-19 21:11 - Updated: 2026-07-01 00:17

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix, Workaround |

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64 | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x | — | | Vendor Fix |
| Unresolved product id: CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64 | — | | Vendor Fix |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5078",
"url": "https://access.redhat.com/errata/RHSA-2026:5078"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5078.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-01T00:17:00+00:00",
"generator": {
"date": "2026-07-01T00:17:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5078",
"initial_release_date": "2026-03-19T21:11:27+00:00",
"revision_history": [
{
"date": "2026-03-19T21:11:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T21:11:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:17:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-6.el9_4.src",
"product": {
"name": "rhc-1:0.2.4-6.el9_4.src",
"product_id": "rhc-1:0.2.4-6.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-6.el9_4?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-6.el9_4.aarch64",
"product": {
"name": "rhc-1:0.2.4-6.el9_4.aarch64",
"product_id": "rhc-1:0.2.4-6.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-6.el9_4?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"product": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"product_id": "rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.4-6.el9_4?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"product_id": "rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.4-6.el9_4?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.4-6.el9_4.aarch64",
"product": {
"name": "rhc-devel-1:0.2.4-6.el9_4.aarch64",
"product_id": "rhc-devel-1:0.2.4-6.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.4-6.el9_4?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-6.el9_4.ppc64le",
"product": {
"name": "rhc-1:0.2.4-6.el9_4.ppc64le",
"product_id": "rhc-1:0.2.4-6.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-6.el9_4?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"product_id": "rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.4-6.el9_4?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"product_id": "rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.4-6.el9_4?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"product": {
"name": "rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"product_id": "rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.4-6.el9_4?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-6.el9_4.x86_64",
"product": {
"name": "rhc-1:0.2.4-6.el9_4.x86_64",
"product_id": "rhc-1:0.2.4-6.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-6.el9_4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"product": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"product_id": "rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.4-6.el9_4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"product_id": "rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.4-6.el9_4?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.4-6.el9_4.x86_64",
"product": {
"name": "rhc-devel-1:0.2.4-6.el9_4.x86_64",
"product_id": "rhc-devel-1:0.2.4-6.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.4-6.el9_4?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.4-6.el9_4.s390x",
"product": {
"name": "rhc-1:0.2.4-6.el9_4.s390x",
"product_id": "rhc-1:0.2.4-6.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.4-6.el9_4?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"product": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"product_id": "rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.2.4-6.el9_4?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"product": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"product_id": "rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.2.4-6.el9_4?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-devel-1:0.2.4-6.el9_4.s390x",
"product": {
"name": "rhc-devel-1:0.2.4-6.el9_4.s390x",
"product_id": "rhc-devel-1:0.2.4-6.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-devel@0.2.4-6.el9_4?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64"
},
"product_reference": "rhc-1:0.2.4-6.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le"
},
"product_reference": "rhc-1:0.2.4-6.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x"
},
"product_reference": "rhc-1:0.2.4-6.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-6.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src"
},
"product_reference": "rhc-1:0.2.4-6.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.4-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64"
},
"product_reference": "rhc-1:0.2.4-6.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x"
},
"product_reference": "rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.2.4-6.el9_4.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64"
},
"product_reference": "rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x"
},
"product_reference": "rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.2.4-6.el9_4.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64"
},
"product_reference": "rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.4-6.el9_4.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64"
},
"product_reference": "rhc-devel-1:0.2.4-6.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.4-6.el9_4.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le"
},
"product_reference": "rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.4-6.el9_4.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x"
},
"product_reference": "rhc-devel-1:0.2.4-6.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-devel-1:0.2.4-6.el9_4.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.4)",
"product_id": "CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64"
},
"product_reference": "rhc-devel-1:0.2.4-6.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T21:11:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5078"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T21:11:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5078"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.src",
"AppStream-9.4.0.Z.EUS:rhc-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debuginfo-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-debugsource-1:0.2.4-6.el9_4.x86_64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.aarch64",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.ppc64le",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.s390x",
"CRB-9.4.0.Z.EUS:rhc-devel-1:0.2.4-6.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5079
Vulnerability from csaf_redhat - Published: 2026-03-19 09:49 - Updated: 2026-07-01 00:17
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5079",
"url": "https://access.redhat.com/errata/RHSA-2026:5079"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5079.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-01T00:17:01+00:00",
"generator": {
"date": "2026-07-01T00:17:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5079",
"initial_release_date": "2026-03-19T09:49:36+00:00",
"revision_history": [
{
"date": "2026-03-19T09:49:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T09:49:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:17:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-12.el9_0.src",
"product": {
"name": "rhc-1:0.2.1-12.el9_0.src",
"product_id": "rhc-1:0.2.1-12.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-12.el9_0?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-12.el9_0.aarch64",
"product": {
"name": "rhc-1:0.2.1-12.el9_0.aarch64",
"product_id": "rhc-1:0.2.1-12.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-12.el9_0?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-12.el9_0.ppc64le",
"product": {
"name": "rhc-1:0.2.1-12.el9_0.ppc64le",
"product_id": "rhc-1:0.2.1-12.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-12.el9_0?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-12.el9_0.x86_64",
"product": {
"name": "rhc-1:0.2.1-12.el9_0.x86_64",
"product_id": "rhc-1:0.2.1-12.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-12.el9_0?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.2.1-12.el9_0.s390x",
"product": {
"name": "rhc-1:0.2.1-12.el9_0.s390x",
"product_id": "rhc-1:0.2.1-12.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.2.1-12.el9_0?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64"
},
"product_reference": "rhc-1:0.2.1-12.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le"
},
"product_reference": "rhc-1:0.2.1-12.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-12.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x"
},
"product_reference": "rhc-1:0.2.1-12.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-12.el9_0.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src"
},
"product_reference": "rhc-1:0.2.1-12.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.2.1-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64"
},
"product_reference": "rhc-1:0.2.1-12.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T09:49:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5079"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T09:49:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5079"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.aarch64",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.ppc64le",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.s390x",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.src",
"AppStream-9.0.0.Z.E4S:rhc-1:0.2.1-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5110
Vulnerability from csaf_redhat - Published: 2026-03-19 10:27 - Updated: 2026-07-01 00:13
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — | | Workaround |
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — | | Vendor Fix, Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — | | Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — | | Vendor Fix |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — | | Vendor Fix |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — | | Vendor Fix |
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — | | Vendor Fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — | ||
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs, effectively treating garbage before an IP-literal as ignorable. The function should have rejected such URLs as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain that contains a certificate with multiple email address constraints that share common local portions but have different domain portions, these constraints are not properly applied, and only the last constraint is considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Workaround
|
A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause excessive memory consumption, eventually resulting in a server crash and a complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 | — |
Workaround
|
|
| Unresolved product id: Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multicluster Global Hub v1.5.4 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5110",
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27571",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5110.json"
}
],
"title": "Red Hat Security Advisory: Multicluster Global Hub 1.5.4 security update",
"tracking": {
"current_release_date": "2026-07-01T00:13:31+00:00",
"generator": {
"date": "2026-07-01T00:13:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5110",
"initial_release_date": "2026-03-19T10:27:09+00:00",
"revision_history": [
{
"date": "2026-03-19T10:27:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T10:27:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:13:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Multicluster Global Hub 1.5.4",
"product": {
"name": "Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Multicluster Global Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ad28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Aa57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Aadfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650749"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3A4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773652587"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Aecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649705"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Aa10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650749"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Ad13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649705"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Acc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650749"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Ab8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649705"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Af8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650627"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Ac045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773650749"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Abace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1773649705"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64 as a component of Multicluster Global Hub 1.5.4",
"product_id": "Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64",
"relates_to_product_reference": "Multicluster Global Hub 1.5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27571",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-24T17:04:11.684134+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442401"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nats-server. The WebSockets implementation fails to enforce a memory allocation limit during the decompression of WebSocket messages. A malicious compressed payload allows an attacker to cause an excessive memory consumption, eventually resulting in a server crash and a complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nats-server: WebSockets pre-auth memory DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not require valid NATS credentials to be exploited as the use of compression is negotiated before the authentication process. However, only deployments using WebSockets and that are exposed to untrusted network endpoints are vulnerable to this issue, limiting its exposure. Due to these reasons, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64"
],
"known_not_affected": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27571"
},
{
"category": "external",
"summary": "RHBZ#2442401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442401"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27571",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27571"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27571"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017",
"url": "https://github.com/nats-io/nats-server/commit/f77fb7c4535e6727cc1a2899cd8e6bbdd8ba2017"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.11.12"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3",
"url": "https://github.com/nats-io/nats-server/releases/tag/v2.12.3"
},
{
"category": "external",
"summary": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw",
"url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw"
}
],
"release_date": "2026-02-24T15:59:17.926000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T10:27:09+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.14/html/multicluster_global_hub/index",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:1e950fd906277c3bafaffa140dc387b14d07d2a818c18638b98d03c21cb618fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:64543029a7895652884f31bc0d94cd39868617b1c47bb5cae5e5fa23689e4480_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:9850fe55e07917fc01f1562f3e4ba555c7c1a7ee9bc93edb3ec6e47b45671163_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:a57734fe379ec378107c03068b4fce04ae186656352c810b5db2b91bf8ca1eb1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:7a5453ebb841bfcaae1b15c823a6ca2e4714d4028a457d5687d412ee568c2062_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:cc48d9258a74255d7b46dbba8550a224fa97dc5f5fe095093d6e72e1a22a8461_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:d28a834892e0339001e0c414ad1eb697a9d822e5638b8422ae6f2950036bb858_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:f8d74fced944874bb10872332c1fb3884b03cb68449ffad4bb8633d70e700745_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:0f39666f8f6365d09cd0716348344adb091fa47171810fbf821088b5a12978fd_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:a10ba2206c5d95f2df3e198ddc002ee354272e8660acb4ea68797083f35dba6d_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:adfa7c9d11670bf55289595d6d21124741586c1116e3f5427a5fd350e140d094_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:c045f9b0e496240b907d0ba572fc1bbd0a12e1510115ff1884e3a7226206500c_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:4a587f8153ff2a466414fb69e288f754da2b9f43154ba1ede5e9493a6d43c587_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:574a52d17bd38da7882a32dedbb991ce81b5a67b8fdffe68e51ca477f790d0e1_amd64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:b8c5202df848f0b13960183434c382ae188ed2fa728bc5437e47622ec948c443_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:bace0a9040688db829cccfd83579e0a88ab08991b2ff6dc1064af72a14d5b2f7_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d13900e0094bac295a523436594d568101888ab10732c297c4ab01ad92d5a296_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:01162aa8ce5c48b47301fd4c9a6835fda1b36358804c3ad50a5230fd151d2916_ppc64le",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:32009013a53f53faeb9107e06f8c654cdaaaa1233bcecdee290e9592df77b968_s390x",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:84eb26e40548fbeba8e3b0a85dd167d74c2cdc0909523d25e4942fe22e77eebb_arm64",
"Multicluster Global Hub 1.5.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:ecb1b97101f371f6159e3ca2eecb8be0fb04019ce379e5cc7936c146150cc36c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nats-server: WebSockets pre-auth memory DoS"
}
]
}
RHSA-2026:5146
Vulnerability from csaf_redhat - Published: 2026-03-19 16:04 - Updated: 2026-07-01 00:13
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64 | — | | Vendor Fix (fix) |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for yggdrasil is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child \"worker\" process, exchanging data with its worker processes through a D-Bus message broker.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5146",
"url": "https://access.redhat.com/errata/RHSA-2026:5146"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5146.json"
}
],
"title": "Red Hat Security Advisory: yggdrasil security update",
"tracking": {
"current_release_date": "2026-07-01T00:13:34+00:00",
"generator": {
"date": "2026-07-01T00:13:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5146",
"initial_release_date": "2026-03-19T16:04:46+00:00",
"revision_history": [
{
"date": "2026-03-19T16:04:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T16:04:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:13:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.8-3.el10_1.src",
"product": {
"name": "yggdrasil-0:0.4.8-3.el10_1.src",
"product_id": "yggdrasil-0:0.4.8-3.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.8-3.el10_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.8-3.el10_1.aarch64",
"product": {
"name": "yggdrasil-0:0.4.8-3.el10_1.aarch64",
"product_id": "yggdrasil-0:0.4.8-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.8-3.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"product": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"product_id": "yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debugsource@0.4.8-3.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"product": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"product_id": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debuginfo@0.4.8-3.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"product": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"product_id": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-examples-debuginfo@0.4.8-3.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"product": {
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"product_id": "yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-devel@0.4.8-3.el10_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"product": {
"name": "yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"product_id": "yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.8-3.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"product": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"product_id": "yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debugsource@0.4.8-3.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"product": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"product_id": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debuginfo@0.4.8-3.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"product": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"product_id": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-examples-debuginfo@0.4.8-3.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"product": {
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"product_id": "yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-devel@0.4.8-3.el10_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.8-3.el10_1.s390x",
"product": {
"name": "yggdrasil-0:0.4.8-3.el10_1.s390x",
"product_id": "yggdrasil-0:0.4.8-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.8-3.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"product": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"product_id": "yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debugsource@0.4.8-3.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"product": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"product_id": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debuginfo@0.4.8-3.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"product": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"product_id": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-examples-debuginfo@0.4.8-3.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"product": {
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"product_id": "yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-devel@0.4.8-3.el10_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-0:0.4.8-3.el10_1.x86_64",
"product": {
"name": "yggdrasil-0:0.4.8-3.el10_1.x86_64",
"product_id": "yggdrasil-0:0.4.8-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil@0.4.8-3.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"product": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"product_id": "yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debugsource@0.4.8-3.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"product": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"product_id": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-debuginfo@0.4.8-3.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"product": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"product_id": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-examples-debuginfo@0.4.8-3.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"product": {
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"product_id": "yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-devel@0.4.8-3.el10_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.8-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64"
},
"product_reference": "yggdrasil-0:0.4.8-3.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.8-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le"
},
"product_reference": "yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.8-3.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x"
},
"product_reference": "yggdrasil-0:0.4.8-3.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.8-3.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src"
},
"product_reference": "yggdrasil-0:0.4.8-3.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-0:0.4.8-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64"
},
"product_reference": "yggdrasil-0:0.4.8-3.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64"
},
"product_reference": "yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le"
},
"product_reference": "yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x"
},
"product_reference": "yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64"
},
"product_reference": "yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64"
},
"product_reference": "yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64"
},
"product_reference": "yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le"
},
"product_reference": "yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x"
},
"product_reference": "yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64"
},
"product_reference": "yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64"
},
"product_reference": "yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le"
},
"product_reference": "yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x"
},
"product_reference": "yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-devel-0:0.4.8-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64"
},
"product_reference": "yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
},
"product_reference": "yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been rated as having Important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T16:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5146"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T16:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5146"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T16:04:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5146"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.src",
"AppStream-10.1.Z:yggdrasil-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"AppStream-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debuginfo-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-debugsource-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-devel-0:0.4.8-3.el10_1.x86_64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.aarch64",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.ppc64le",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.s390x",
"CRB-10.1.Z:yggdrasil-examples-debuginfo-0:0.4.8-3.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5327
Vulnerability from csaf_redhat - Published: 2026-03-23 07:40 - Updated: 2026-07-01 00:17
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5327",
"url": "https://access.redhat.com/errata/RHSA-2026:5327"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5327.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-07-01T00:17:02+00:00",
"generator": {
"date": "2026-07-01T00:17:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5327",
"initial_release_date": "2026-03-23T07:40:40+00:00",
"revision_history": [
{
"date": "2026-03-23T07:40:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-23T07:40:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:17:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76.1-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76.1-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76.1-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76.1-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76.1-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76.1-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76.1-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76.1-5.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76.1-5.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:76.1-5.el9_2.src",
"product": {
"name": "osbuild-composer-0:76.1-5.el9_2.src",
"product_id": "osbuild-composer-0:76.1-5.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76.1-5.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76.1-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76.1-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76.1-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76.1-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76.1-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76.1-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76.1-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76.1-5.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76.1-5.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76.1-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76.1-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76.1-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76.1-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76.1-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76.1-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76.1-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76.1-5.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76.1-5.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@76.1-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-core-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-core-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@76.1-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@76.1-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@76.1-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@76.1-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@76.1-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@76.1-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@76.1-5.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@76.1-5.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76.1-5.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src"
},
"product_reference": "osbuild-composer-0:76.1-5.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-core-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T07:40:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5327"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T07:40:40+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5327"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.src",
"AppStream-9.2.0.Z.E4S:osbuild-composer-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-core-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-debugsource-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-dnf-json-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-tests-debuginfo-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-0:76.1-5.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:osbuild-composer-worker-debuginfo-0:76.1-5.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5394
Vulnerability from csaf_redhat - Published: 2026-03-23 13:04 - Updated: 2026-07-01 00:13
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64 | — | | Vendor Fix fix, Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64 | — | | Workaround |
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64 | — | | Vendor Fix fix, Workaround |
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64 | — | | Vendor Fix fix, Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64 | — | | Workaround |
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64 | — | | Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64 | — | | Vendor Fix fix |
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64 | — | | Vendor Fix fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64 | — | | |
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64 | — | | |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64 | — | | Vendor Fix fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64 | — | | |
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64 | — | | |
| Unresolved product id: Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64 | — | | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 (Wallaby) for RHEL 9.2.\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.\n\nThe Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a RHOSP cloud within OpenShift Container Platform (OCP).\n\nSecurity Fixes:\n * Unexpected session resumption in crypto/tls (CVE-2025-68121)\n * Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n * Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729)\n * Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5394",
"url": "https://access.redhat.com/errata/RHSA-2026:5394"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/software/containers/search",
"url": "https://catalog.redhat.com/software/containers/search"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5394.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 director Operator container images",
"tracking": {
"current_release_date": "2026-07-01T00:13:39+00:00",
"generator": {
"date": "2026-07-01T00:13:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5394",
"initial_release_date": "2026-03-23T13:04:11+00:00",
"revision_history": [
{
"date": "2026-03-23T13:04:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-23T13:04:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:13:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 17.1",
"product": {
"name": "Red Hat OpenStack Platform 17.1",
"product_id": "Red Hat OpenStack Platform 17.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:17.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"product": {
"name": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"product_id": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-agent@sha256%3A104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9\u0026tag=1773255177"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"product": {
"name": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"product_id": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-downloader@sha256%3Adfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9\u0026tag=1773255141"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"product": {
"name": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"product_id": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator-bundle@sha256%3A9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9\u0026tag=1773259990"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64",
"product": {
"name": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64",
"product_id": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osp-director-operator@sha256%3A6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9\u0026tag=1773255175"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
},
"product_reference": "registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"relates_to_product_reference": "Red Hat OpenStack Platform 17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64"
},
"product_reference": "registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"relates_to_product_reference": "Red Hat OpenStack Platform 17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
},
"product_reference": "registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"relates_to_product_reference": "Red Hat OpenStack Platform 17.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64 as a component of Red Hat OpenStack Platform 17.1",
"product_id": "Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
},
"product_reference": "registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64",
"relates_to_product_reference": "Red Hat OpenStack Platform 17.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
],
"known_not_affected": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T13:04:11+00:00",
"details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \u0027podman pull\u0027 command.\n\nFor more information about the images, search the image name in the Red Hat Ecosystem Catalog.",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5394"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
],
"known_not_affected": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T13:04:11+00:00",
"details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \u0027podman pull\u0027 command.\n\nFor more information about the images, search the image name in the Red Hat Ecosystem Catalog.",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5394"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
],
"known_not_affected": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T13:04:11+00:00",
"details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \u0027podman pull\u0027 command.\n\nFor more information about the images, search the image name in the Red Hat Ecosystem Catalog.",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5394"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
],
"known_not_affected": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T13:04:11+00:00",
"details": "The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the \u0027podman pull\u0027 command.\n\nFor more information about the images, search the image name in the Red Hat Ecosystem Catalog.",
"product_ids": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5394"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-agent@sha256:104de5ab607f2da597f8671bbb873e45c7d7c0ececa370f585841022a924aa5c_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-downloader@sha256:dfdc74ce40312f0452b1c88bad6af9501791478ca7e993dc9be08bf80c9df7b6_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle@sha256:9e6062e860439d2153e9d5cab6d53fab1eef32b8c1f5bdfb89da9e90bac24757_amd64",
"Red Hat OpenStack Platform 17.1:registry.redhat.io/rhosp-rhel9/osp-director-operator@sha256:6c43dc4baff26701f0e818eecd3ee0d85113cb894b0cfc0ddf5bd23bdbfeb9a3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5461
Vulnerability from csaf_redhat - Published: 2026-03-23 17:44 - Updated: 2026-07-01 00:17
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An image building service based on osbuild It is inspired by lorax-composer and exposes the same API. As such, it is a drop-in replacement.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5461",
"url": "https://access.redhat.com/errata/RHSA-2026:5461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5461.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-07-01T00:17:04+00:00",
"generator": {
"date": "2026-07-01T00:17:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5461",
"initial_release_date": "2026-03-23T17:44:49+00:00",
"revision_history": [
{
"date": "2026-03-23T17:44:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-23T17:44:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:17:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:28.7-5.el8_4.src",
"product": {
"name": "osbuild-composer-0:28.7-5.el8_4.src",
"product_id": "osbuild-composer-0:28.7-5.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@28.7-5.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:28.7-5.el8_4.x86_64",
"product": {
"name": "osbuild-composer-0:28.7-5.el8_4.x86_64",
"product_id": "osbuild-composer-0:28.7-5.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@28.7-5.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"product": {
"name": "osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"product_id": "osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@28.7-5.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"product": {
"name": "osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"product_id": "osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@28.7-5.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"product_id": "osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@28.7-5.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@28.7-5.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"product_id": "osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@28.7-5.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@28.7-5.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@28.7-5.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:28.7-5.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src"
},
"product_reference": "osbuild-composer-0:28.7-5.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:28.7-5.el8_4.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src"
},
"product_reference": "osbuild-composer-0:28.7-5.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T17:44:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5461"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-23T17:44:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.AUS:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-core-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-debugsource-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-tests-debuginfo-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-0:28.7-5.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:osbuild-composer-worker-debuginfo-0:28.7-5.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.