CVE-2026-33811 (GCVE-0-2026-33811)
Vulnerability from cvelistv5 – Published: 2026-05-07 19:41 – Updated: 2026-07-02 12:04
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-33811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T14:25:39.702568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T14:25:43.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1"
],
"defaultStatus": "affected",
"product": "Builds for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1"
],
"defaultStatus": "affected",
"product": "Compliance Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
],
"defaultStatus": "affected",
"product": "Custom Metric Autoscaler operator for Red Hat Openshift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1"
],
"defaultStatus": "affected",
"product": "File Integrity Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "affected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:1"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:2"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multiarch_tuning_operator"
],
"defaultStatus": "affected",
"product": "Multiarch Tuning Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "affected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:source_to_image:1"
],
"defaultStatus": "affected",
"product": "OpenShift Source-to-Image (S2I)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "affected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:6"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:9"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed for Runtimes Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Workspaces Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "affected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "affected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:stf:1.5"
],
"defaultStatus": "affected",
"product": "Service Telemetry Framework 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_clients:2023"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Clients",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-07T19:41:19.285Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1341",
"description": "Multiple Releases of Same Resource or Handle",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:04:50.996Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"name": "RHBZ#2467822",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33811.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34357"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34359"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34364"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:23262: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:23264: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:33120: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:33123: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:33142: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:33150: Red Hat OpenShift Service Mesh 3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-07T20:01:34.913Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-07T19:41:19.285Z",
"value": "Made public."
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net",
"product": "net",
"programRoutines": [
{
"name": "cgoResSearch"
},
{
"name": "LookupCNAME"
},
{
"name": "Resolver.LookupCNAME"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.3",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "hamayanhamayan"
}
],
"descriptions": [
{
"lang": "en",
"value": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-415: Double Free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T19:41:19.285Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/78803"
},
{
"url": "https://go.dev/cl/767860"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"title": "Crash when handling long CNAME response in net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-33811",
"datePublished": "2026-05-07T19:41:19.285Z",
"dateReserved": "2026-03-23T20:35:32.814Z",
"dateUpdated": "2026-07-02T12:04:50.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33811",
"date": "2026-07-02",
"epss": "0.00813",
"percentile": "0.52504"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33811\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-05-07T20:16:42.770\",\"lastModified\":\"2026-07-02T12:17:05.997\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"net\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"net\",\"programRoutines\":[{\"name\":\"cgoResSearch\"},{\"name\":\"LookupCNAME\"},{\"name\":\"Resolver.LookupCNAME\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.25.10\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.26.0-0\",\"lessThan\":\"1.26.3\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 
9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Builds for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Compliance Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_compliance_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute 
Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Custom Metric Autoscaler operator for Red Hat Openshift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Deployment Validation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:deployment_validator_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Fence Agents Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_far:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"File Integrity Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Machine Deletion Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_mdr:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for 
Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multiarch Tuning Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multiarch_tuning_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Source-to-Image 
(S2I)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:source_to_image:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apicurio Registry 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_registry:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise 
Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Lightspeed for Runtimes Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_for_runtimes:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Workspaces Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows 
Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles 
Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Service Telemetry Framework 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:stf:1.5\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ 
Clients\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:amq_clients:2023\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-08T14:25:39.702568Z\",\"id\":\"CVE-2026-33811\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA 
Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1341\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.25.10\",\"matchCriteriaId\":\"1C966EF3-C51C-4239-B5FC-C44A5202FEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.26.0\",\"versionEndExcluding\":\"1.26.3\",\"matchCriteriaId\":\"522E4CD0-2B99-4363-9C78-0BAFD988A2D6\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/767860\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/78803\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/qcCIEXso47M\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4981\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23262\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23264\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33120\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33123\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33142\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33150\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33574\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34357\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34359\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34364\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-33811\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2467822\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33811.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 
9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:assisted_installer:2\"], \"vendor\": \"Red Hat\", \"product\": \"Assisted Installer for Red Hat OpenShift Container Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_builds:1\"], \"vendor\": \"Red Hat\", \"product\": \"Builds for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Compliance Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", 
\"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2\"], \"vendor\": \"Red Hat\", \"product\": \"Custom Metric Autoscaler operator for Red Hat Openshift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:deployment_validator_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Deployment Validation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_far:0\"], \"vendor\": \"Red Hat\", \"product\": \"Fence Agents Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"File Integrity Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lvms:4\"], \"vendor\": \"Red Hat\", \"product\": \"Logical Volume Manager Storage\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_mdr:0\"], \"vendor\": \"Red Hat\", \"product\": \"Machine Deletion Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": 
\"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:1\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:2\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multiarch_tuning_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Multiarch Tuning Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nhc:0\"], \"vendor\": \"Red Hat\", \"product\": \"Node HealthCheck Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_lightspeed\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:source_to_image:1\"], \"vendor\": \"Red 
Hat\", \"product\": \"OpenShift Source-to-Image (S2I)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_power_monitoring\"], \"vendor\": \"Red Hat\", \"product\": \"Power monitoring for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_registry:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apicurio Registry 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:5\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification Program for Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:connectivity_link:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Connectivity Link 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 
10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lightspeed_for_runtimes:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Lightspeed for Runtimes Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Cluster Manager CLI\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:devworkspace\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Workspaces Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3\", 
\"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:windows_machine_config\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift for Windows Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_service_on_aws:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift on AWS\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1\"], \"vendor\": \"Red 
Hat\", \"product\": \"Red Hat Web Terminal\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_security_profiles_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Security Profiles Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:stf:1.5\"], \"vendor\": \"Red Hat\", \"product\": \"Service Telemetry Framework 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_clients:2023\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Clients\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-07T20:01:34.913Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-07T19:41:19.285Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 
9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33574: Red Hat Developer Hub 1.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23262: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23264: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33120: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33123: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33142: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33150: Red Hat OpenShift Service Mesh 3.3\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-07T19:41:19.285Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-33811\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2467822\", \"name\": \"RHBZ#2467822\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33811.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34357\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34359\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34364\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33574\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23262\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23264\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33120\", \"tags\": 
[\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33123\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33142\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33150\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. 
This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1341\", \"description\": \"Multiple Releases of Same Resource or Handle\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-02T12:04:50.996Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33811\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-08T14:25:39.702568Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-08T14:25:36.174Z\"}}], \"cna\": {\"title\": \"Crash when handling long CNAME response in net\", \"credits\": [{\"lang\": \"en\", \"value\": \"hamayanhamayan\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"net\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.25.10\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-0\", \"lessThan\": \"1.26.3\", \"versionType\": \"semver\"}], \"packageName\": \"net\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"cgoResSearch\"}, {\"name\": \"LookupCNAME\"}, 
{\"name\": \"Resolver.LookupCNAME\"}]}], \"references\": [{\"url\": \"https://go.dev/issue/78803\"}, {\"url\": \"https://go.dev/cl/767860\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/qcCIEXso47M\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4981\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-415: Double Free\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-05-07T19:41:19.285Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33811\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-02T12:04:50.996Z\", \"dateReserved\": \"2026-03-23T20:35:32.814Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-05-07T19:41:19.285Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:10723-1
Vulnerability from csaf_opensuse - Published: 2026-05-08 00:00 - Updated: 2026-05-08 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.25-1.25.10-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.25-1.25.10-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10723",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10723-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33811 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39819 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39820 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39823 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39825 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39836 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42499 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42501 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42501/"
}
],
"title": "go1.25-1.25.10-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-08T00:00:00Z",
"generator": {
"date": "2026-05-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10723-1",
"initial_release_date": "2026-05-08T00:00:00Z",
"revision_history": [
{
"date": "2026-05-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-1.1.aarch64",
"product": {
"name": "go1.25-1.25.10-1.1.aarch64",
"product_id": "go1.25-1.25.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-1.1.aarch64",
"product": {
"name": "go1.25-doc-1.25.10-1.1.aarch64",
"product_id": "go1.25-doc-1.25.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.10-1.1.aarch64",
"product": {
"name": "go1.25-libstd-1.25.10-1.1.aarch64",
"product_id": "go1.25-libstd-1.25.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-1.1.aarch64",
"product": {
"name": "go1.25-race-1.25.10-1.1.aarch64",
"product_id": "go1.25-race-1.25.10-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-1.1.ppc64le",
"product": {
"name": "go1.25-1.25.10-1.1.ppc64le",
"product_id": "go1.25-1.25.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-1.1.ppc64le",
"product": {
"name": "go1.25-doc-1.25.10-1.1.ppc64le",
"product_id": "go1.25-doc-1.25.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.10-1.1.ppc64le",
"product": {
"name": "go1.25-libstd-1.25.10-1.1.ppc64le",
"product_id": "go1.25-libstd-1.25.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-1.1.ppc64le",
"product": {
"name": "go1.25-race-1.25.10-1.1.ppc64le",
"product_id": "go1.25-race-1.25.10-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-1.1.s390x",
"product": {
"name": "go1.25-1.25.10-1.1.s390x",
"product_id": "go1.25-1.25.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-1.1.s390x",
"product": {
"name": "go1.25-doc-1.25.10-1.1.s390x",
"product_id": "go1.25-doc-1.25.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.10-1.1.s390x",
"product": {
"name": "go1.25-libstd-1.25.10-1.1.s390x",
"product_id": "go1.25-libstd-1.25.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-1.1.s390x",
"product": {
"name": "go1.25-race-1.25.10-1.1.s390x",
"product_id": "go1.25-race-1.25.10-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-1.1.x86_64",
"product": {
"name": "go1.25-1.25.10-1.1.x86_64",
"product_id": "go1.25-1.25.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-1.1.x86_64",
"product": {
"name": "go1.25-doc-1.25.10-1.1.x86_64",
"product_id": "go1.25-doc-1.25.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.10-1.1.x86_64",
"product": {
"name": "go1.25-libstd-1.25.10-1.1.x86_64",
"product_id": "go1.25-libstd-1.25.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-1.1.x86_64",
"product": {
"name": "go1.25-race-1.25.10-1.1.x86_64",
"product_id": "go1.25-race-1.25.10-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64"
},
"product_reference": "go1.25-1.25.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le"
},
"product_reference": "go1.25-1.25.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x"
},
"product_reference": "go1.25-1.25.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64"
},
"product_reference": "go1.25-1.25.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64"
},
"product_reference": "go1.25-doc-1.25.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le"
},
"product_reference": "go1.25-doc-1.25.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x"
},
"product_reference": "go1.25-doc-1.25.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64"
},
"product_reference": "go1.25-doc-1.25.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64"
},
"product_reference": "go1.25-libstd-1.25.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le"
},
"product_reference": "go1.25-libstd-1.25.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x"
},
"product_reference": "go1.25-libstd-1.25.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64"
},
"product_reference": "go1.25-libstd-1.25.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64"
},
"product_reference": "go1.25-race-1.25.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le"
},
"product_reference": "go1.25-race-1.25.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x"
},
"product_reference": "go1.25-race-1.25.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
},
"product_reference": "go1.25-race-1.25.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33811"
}
],
"notes": [
{
"category": "general",
"text": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33811",
"url": "https://www.suse.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "SUSE Bug 1264508 for CVE-2026-33811",
"url": "https://bugzilla.suse.com/1264508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33811"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39817"
}
],
"notes": [
{
"category": "general",
"text": "The \"go tool pack\" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the \"pack\" subcommand can write files to arbitrary locations on the filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39817",
"url": "https://www.suse.com/security/cve/CVE-2026-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1264505 for CVE-2026-39817",
"url": "https://bugzilla.suse.com/1264505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39817"
},
{
"cve": "CVE-2026-39819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39819"
}
],
"notes": [
{
"category": "general",
"text": "The \"go bug\" command writes to two files with predictable names in the system temporary directory (for example, \"/tmp\"). An attacker with access to the temporary directory can create a symlink in one of these names, causing \"go bug\" to overwrite the target of the symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39819",
"url": "https://www.suse.com/security/cve/CVE-2026-39819"
},
{
"category": "external",
"summary": "SUSE Bug 1264504 for CVE-2026-39819",
"url": "https://bugzilla.suse.com/1264504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39819"
},
{
"cve": "CVE-2026-39820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39820"
}
],
"notes": [
{
"category": "general",
"text": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39820",
"url": "https://www.suse.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "SUSE Bug 1264503 for CVE-2026-39820",
"url": "https://bugzilla.suse.com/1264503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39820"
},
{
"cve": "CVE-2026-39823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39823"
}
],
"notes": [
{
"category": "general",
"text": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a <meta> tag's <content> attribute. If the URL content were to insert ASCII whitespace around the '=' rune inside of the <content> attribute, the escaper would fail to similarly escape it, leading to XSS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39823",
"url": "https://www.suse.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "SUSE Bug 1264509 for CVE-2026-39823",
"url": "https://bugzilla.suse.com/1264509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39823"
},
{
"cve": "CVE-2026-39825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39825"
}
],
"notes": [
{
"category": "general",
"text": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x&a2=x&...&a10000=x&hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39825",
"url": "https://www.suse.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "SUSE Bug 1264500 for CVE-2026-39825",
"url": "https://bugzilla.suse.com/1264500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39825"
},
{
"cve": "CVE-2026-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39826"
}
],
"notes": [
{
"category": "general",
"text": "If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39826",
"url": "https://www.suse.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1264507 for CVE-2026-39826",
"url": "https://bugzilla.suse.com/1264507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39826"
},
{
"cve": "CVE-2026-39836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39836"
}
],
"notes": [
{
"category": "general",
"text": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39836",
"url": "https://www.suse.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "SUSE Bug 1264501 for CVE-2026-39836",
"url": "https://bugzilla.suse.com/1264501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39836"
},
{
"cve": "CVE-2026-42499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42499"
}
],
"notes": [
{
"category": "general",
"text": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42499",
"url": "https://www.suse.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "SUSE Bug 1264502 for CVE-2026-42499",
"url": "https://bugzilla.suse.com/1264502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42499"
},
{
"cve": "CVE-2026-42501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42501"
}
],
"notes": [
{
"category": "general",
"text": "A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module's dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running \"rm go.sum ; go mod tidy ; go mod verify\", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. A module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42501",
"url": "https://www.suse.com/security/cve/CVE-2026-42501"
},
{
"category": "external",
"summary": "SUSE Bug 1264499 for CVE-2026-42501",
"url": "https://bugzilla.suse.com/1264499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-doc-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-libstd-1.25.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.s390x",
"openSUSE Tumbleweed:go1.25-race-1.25.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42501"
}
]
}
OPENSUSE-SU-2026:10741-1
Vulnerability from csaf_opensuse - Published: 2026-05-10 00:00 - Updated: 2026-05-10 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.26-1.26.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.26-1.26.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10741",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10741-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33811 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39819 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39820 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39823 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39825 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39836 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42499 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42501 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42501/"
}
],
"title": "go1.26-1.26.3-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-10T00:00:00Z",
"generator": {
"date": "2026-05-10T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10741-1",
"initial_release_date": "2026-05-10T00:00:00Z",
"revision_history": [
{
"date": "2026-05-10T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-1.1.aarch64",
"product": {
"name": "go1.26-1.26.3-1.1.aarch64",
"product_id": "go1.26-1.26.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-1.1.aarch64",
"product": {
"name": "go1.26-doc-1.26.3-1.1.aarch64",
"product_id": "go1.26-doc-1.26.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-libstd-1.26.3-1.1.aarch64",
"product": {
"name": "go1.26-libstd-1.26.3-1.1.aarch64",
"product_id": "go1.26-libstd-1.26.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-1.1.aarch64",
"product": {
"name": "go1.26-race-1.26.3-1.1.aarch64",
"product_id": "go1.26-race-1.26.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-1.1.ppc64le",
"product": {
"name": "go1.26-1.26.3-1.1.ppc64le",
"product_id": "go1.26-1.26.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-1.1.ppc64le",
"product": {
"name": "go1.26-doc-1.26.3-1.1.ppc64le",
"product_id": "go1.26-doc-1.26.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.26-libstd-1.26.3-1.1.ppc64le",
"product": {
"name": "go1.26-libstd-1.26.3-1.1.ppc64le",
"product_id": "go1.26-libstd-1.26.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-1.1.ppc64le",
"product": {
"name": "go1.26-race-1.26.3-1.1.ppc64le",
"product_id": "go1.26-race-1.26.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-1.1.s390x",
"product": {
"name": "go1.26-1.26.3-1.1.s390x",
"product_id": "go1.26-1.26.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-1.1.s390x",
"product": {
"name": "go1.26-doc-1.26.3-1.1.s390x",
"product_id": "go1.26-doc-1.26.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.26-libstd-1.26.3-1.1.s390x",
"product": {
"name": "go1.26-libstd-1.26.3-1.1.s390x",
"product_id": "go1.26-libstd-1.26.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-1.1.s390x",
"product": {
"name": "go1.26-race-1.26.3-1.1.s390x",
"product_id": "go1.26-race-1.26.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-1.1.x86_64",
"product": {
"name": "go1.26-1.26.3-1.1.x86_64",
"product_id": "go1.26-1.26.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-1.1.x86_64",
"product": {
"name": "go1.26-doc-1.26.3-1.1.x86_64",
"product_id": "go1.26-doc-1.26.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-libstd-1.26.3-1.1.x86_64",
"product": {
"name": "go1.26-libstd-1.26.3-1.1.x86_64",
"product_id": "go1.26-libstd-1.26.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-1.1.x86_64",
"product": {
"name": "go1.26-race-1.26.3-1.1.x86_64",
"product_id": "go1.26-race-1.26.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64"
},
"product_reference": "go1.26-1.26.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le"
},
"product_reference": "go1.26-1.26.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x"
},
"product_reference": "go1.26-1.26.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64"
},
"product_reference": "go1.26-1.26.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64"
},
"product_reference": "go1.26-doc-1.26.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le"
},
"product_reference": "go1.26-doc-1.26.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x"
},
"product_reference": "go1.26-doc-1.26.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64"
},
"product_reference": "go1.26-doc-1.26.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-libstd-1.26.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64"
},
"product_reference": "go1.26-libstd-1.26.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-libstd-1.26.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le"
},
"product_reference": "go1.26-libstd-1.26.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-libstd-1.26.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x"
},
"product_reference": "go1.26-libstd-1.26.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-libstd-1.26.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64"
},
"product_reference": "go1.26-libstd-1.26.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64"
},
"product_reference": "go1.26-race-1.26.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le"
},
"product_reference": "go1.26-race-1.26.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x"
},
"product_reference": "go1.26-race-1.26.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
},
"product_reference": "go1.26-race-1.26.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33811"
}
],
"notes": [
{
"category": "general",
"text": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33811",
"url": "https://www.suse.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "SUSE Bug 1264508 for CVE-2026-33811",
"url": "https://bugzilla.suse.com/1264508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33811"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39817"
}
],
"notes": [
{
"category": "general",
"text": "The \"go tool pack\" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the \"pack\" subcommand can write files to arbitrary locations on the filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39817",
"url": "https://www.suse.com/security/cve/CVE-2026-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1264505 for CVE-2026-39817",
"url": "https://bugzilla.suse.com/1264505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39817"
},
{
"cve": "CVE-2026-39819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39819"
}
],
"notes": [
{
"category": "general",
"text": "The \"go bug\" command writes to two files with predictable names in the system temporary directory (for example, \"/tmp\"). An attacker with access to the temporary directory can create a symlink in one of these names, causing \"go bug\" to overwrite the target of the symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39819",
"url": "https://www.suse.com/security/cve/CVE-2026-39819"
},
{
"category": "external",
"summary": "SUSE Bug 1264504 for CVE-2026-39819",
"url": "https://bugzilla.suse.com/1264504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39819"
},
{
"cve": "CVE-2026-39820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39820"
}
],
"notes": [
{
"category": "general",
"text": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU consumption and memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39820",
"url": "https://www.suse.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "SUSE Bug 1264503 for CVE-2026-39820",
"url": "https://bugzilla.suse.com/1264503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39820"
},
{
"cve": "CVE-2026-39823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39823"
}
],
"notes": [
{
"category": "general",
"text": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag\u0027s \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the \u0027=\u0027 rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39823",
"url": "https://www.suse.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "SUSE Bug 1264509 for CVE-2026-39823",
"url": "https://bugzilla.suse.com/1264509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39823"
},
{
"cve": "CVE-2026-39825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39825"
}
],
"notes": [
{
"category": "general",
"text": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery\u0027s limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy\u0027s Rewrite function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39825",
"url": "https://www.suse.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "SUSE Bug 1264500 for CVE-2026-39825",
"url": "https://bugzilla.suse.com/1264500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39825"
},
{
"cve": "CVE-2026-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39826"
}
],
"notes": [
{
"category": "general",
"text": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty \u0027type\u0027 attribute or a \u0027type\u0027 attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39826",
"url": "https://www.suse.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1264507 for CVE-2026-39826",
"url": "https://bugzilla.suse.com/1264507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-39826"
},
{
"cve": "CVE-2026-39836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39836"
}
],
"notes": [
{
"category": "general",
"text": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39836",
"url": "https://www.suse.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "SUSE Bug 1264501 for CVE-2026-39836",
"url": "https://bugzilla.suse.com/1264501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39836"
},
{
"cve": "CVE-2026-42499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42499"
}
],
"notes": [
{
"category": "general",
"text": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42499",
"url": "https://www.suse.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "SUSE Bug 1264502 for CVE-2026-42499",
"url": "https://bugzilla.suse.com/1264502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42499"
},
{
"cve": "CVE-2026-42501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42501"
}
],
"notes": [
{
"category": "general",
"text": "A malicious module proxy can exploit a flaw in the go command\u0027s validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module\u0027s dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running \"rm go.sum ; go mod tidy ; go mod verify\", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. 
A module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42501",
"url": "https://www.suse.com/security/cve/CVE-2026-42501"
},
{
"category": "external",
"summary": "SUSE Bug 1264499 for CVE-2026-42501",
"url": "https://bugzilla.suse.com/1264499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-doc-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-libstd-1.26.3-1.1.x86_64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.aarch64",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.ppc64le",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.s390x",
"openSUSE Tumbleweed:go1.26-race-1.26.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42501"
}
]
}
OPENSUSE-SU-2026:20762-1
Vulnerability from csaf_opensuse - Published: 2026-05-17 20:16 - Updated: 2026-05-17 20:16

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.26",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.26 fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).\n- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).\n- CVE-2026-39817: cmd/go: \"go tool pack\" does not sanitize output paths (bsc#1264505).\n- CVE-2026-39819: cmd/go: \"go bug\" follows symlinks in predictable temporary filenames (bsc#1264504).\n- CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment (bsc#1264503).\n- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).\n- CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters\n (bsc#1264500).\n- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).\n- CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501).\n- CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502).\n- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499).\n\nNon security issues:\n\n- Updated to go1.26.3 (bsc#1255111).\n- Go packages miss binutils-gold dependency (bsc#1170826).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-758",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20762-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1170826",
"url": "https://bugzilla.suse.com/1170826"
},
{
"category": "self",
"summary": "SUSE Bug 1255111",
"url": "https://bugzilla.suse.com/1255111"
},
{
"category": "self",
"summary": "SUSE Bug 1264499",
"url": "https://bugzilla.suse.com/1264499"
},
{
"category": "self",
"summary": "SUSE Bug 1264500",
"url": "https://bugzilla.suse.com/1264500"
},
{
"category": "self",
"summary": "SUSE Bug 1264501",
"url": "https://bugzilla.suse.com/1264501"
},
{
"category": "self",
"summary": "SUSE Bug 1264502",
"url": "https://bugzilla.suse.com/1264502"
},
{
"category": "self",
"summary": "SUSE Bug 1264503",
"url": "https://bugzilla.suse.com/1264503"
},
{
"category": "self",
"summary": "SUSE Bug 1264504",
"url": "https://bugzilla.suse.com/1264504"
},
{
"category": "self",
"summary": "SUSE Bug 1264505",
"url": "https://bugzilla.suse.com/1264505"
},
{
"category": "self",
"summary": "SUSE Bug 1264506",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "self",
"summary": "SUSE Bug 1264507",
"url": "https://bugzilla.suse.com/1264507"
},
{
"category": "self",
"summary": "SUSE Bug 1264508",
"url": "https://bugzilla.suse.com/1264508"
},
{
"category": "self",
"summary": "SUSE Bug 1264509",
"url": "https://bugzilla.suse.com/1264509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33811 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39819 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39820 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39823 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39825 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39836 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42499 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42501 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42501/"
}
],
"title": "Security update for go1.26",
"tracking": {
"current_release_date": "2026-05-17T20:16:08Z",
"generator": {
"date": "2026-05-17T20:16:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20762-1",
"initial_release_date": "2026-05-17T20:16:08Z",
"revision_history": [
{
"date": "2026-05-17T20:16:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-160000.1.1.aarch64",
"product": {
"name": "go1.26-1.26.3-160000.1.1.aarch64",
"product_id": "go1.26-1.26.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-160000.1.1.aarch64",
"product": {
"name": "go1.26-doc-1.26.3-160000.1.1.aarch64",
"product_id": "go1.26-doc-1.26.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-libstd-1.26.3-160000.1.1.aarch64",
"product": {
"name": "go1.26-libstd-1.26.3-160000.1.1.aarch64",
"product_id": "go1.26-libstd-1.26.3-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-160000.1.1.aarch64",
"product": {
"name": "go1.26-race-1.26.3-160000.1.1.aarch64",
"product_id": "go1.26-race-1.26.3-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-160000.1.1.ppc64le",
"product": {
"name": "go1.26-1.26.3-160000.1.1.ppc64le",
"product_id": "go1.26-1.26.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-160000.1.1.ppc64le",
"product": {
"name": "go1.26-doc-1.26.3-160000.1.1.ppc64le",
"product_id": "go1.26-doc-1.26.3-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-160000.1.1.ppc64le",
"product": {
"name": "go1.26-race-1.26.3-160000.1.1.ppc64le",
"product_id": "go1.26-race-1.26.3-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-160000.1.1.s390x",
"product": {
"name": "go1.26-1.26.3-160000.1.1.s390x",
"product_id": "go1.26-1.26.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-160000.1.1.s390x",
"product": {
"name": "go1.26-doc-1.26.3-160000.1.1.s390x",
"product_id": "go1.26-doc-1.26.3-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-160000.1.1.s390x",
"product": {
"name": "go1.26-race-1.26.3-160000.1.1.s390x",
"product_id": "go1.26-race-1.26.3-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.26-1.26.3-160000.1.1.x86_64",
"product": {
"name": "go1.26-1.26.3-160000.1.1.x86_64",
"product_id": "go1.26-1.26.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-doc-1.26.3-160000.1.1.x86_64",
"product": {
"name": "go1.26-doc-1.26.3-160000.1.1.x86_64",
"product_id": "go1.26-doc-1.26.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-libstd-1.26.3-160000.1.1.x86_64",
"product": {
"name": "go1.26-libstd-1.26.3-160000.1.1.x86_64",
"product_id": "go1.26-libstd-1.26.3-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.26-race-1.26.3-160000.1.1.x86_64",
"product": {
"name": "go1.26-race-1.26.3-160000.1.1.x86_64",
"product_id": "go1.26-race-1.26.3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64"
},
"product_reference": "go1.26-1.26.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le"
},
"product_reference": "go1.26-1.26.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x"
},
"product_reference": "go1.26-1.26.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-1.26.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64"
},
"product_reference": "go1.26-1.26.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64"
},
"product_reference": "go1.26-doc-1.26.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le"
},
"product_reference": "go1.26-doc-1.26.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x"
},
"product_reference": "go1.26-doc-1.26.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-doc-1.26.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64"
},
"product_reference": "go1.26-doc-1.26.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-libstd-1.26.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64"
},
"product_reference": "go1.26-libstd-1.26.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-libstd-1.26.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64"
},
"product_reference": "go1.26-libstd-1.26.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64"
},
"product_reference": "go1.26-race-1.26.3-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le"
},
"product_reference": "go1.26-race-1.26.3-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x"
},
"product_reference": "go1.26-race-1.26.3-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.26-race-1.26.3-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
},
"product_reference": "go1.26-race-1.26.3-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33811"
}
],
"notes": [
{
"category": "general",
"text": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33811",
"url": "https://www.suse.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "SUSE Bug 1264508 for CVE-2026-33811",
"url": "https://bugzilla.suse.com/1264508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-33811"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39817"
}
],
"notes": [
{
"category": "general",
"text": "The \"go tool pack\" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the \"pack\" subcommand can write files to arbitrary locations on the filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39817",
"url": "https://www.suse.com/security/cve/CVE-2026-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1264505 for CVE-2026-39817",
"url": "https://bugzilla.suse.com/1264505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39817"
},
{
"cve": "CVE-2026-39819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39819"
}
],
"notes": [
{
"category": "general",
"text": "The \"go bug\" command writes to two files with predictable names in the system temporary directory (for example, \"/tmp\"). An attacker with access to the temporary directory can create a symlink in one of these names, causing \"go bug\" to overwrite the target of the symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39819",
"url": "https://www.suse.com/security/cve/CVE-2026-39819"
},
{
"category": "external",
"summary": "SUSE Bug 1264504 for CVE-2026-39819",
"url": "https://bugzilla.suse.com/1264504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39819"
},
{
"cve": "CVE-2026-39820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39820"
}
],
"notes": [
{
"category": "general",
"text": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU consumption and memory allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39820",
"url": "https://www.suse.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "SUSE Bug 1264503 for CVE-2026-39820",
"url": "https://bugzilla.suse.com/1264503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-39820"
},
{
"cve": "CVE-2026-39823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39823"
}
],
"notes": [
{
"category": "general",
"text": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag\u0027s \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the \u0027=\u0027 rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39823",
"url": "https://www.suse.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "SUSE Bug 1264509 for CVE-2026-39823",
"url": "https://bugzilla.suse.com/1264509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39823"
},
{
"cve": "CVE-2026-39825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39825"
}
],
"notes": [
{
"category": "general",
"text": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery\u0027s limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy\u0027s Rewrite function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39825",
"url": "https://www.suse.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "SUSE Bug 1264500 for CVE-2026-39825",
"url": "https://bugzilla.suse.com/1264500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39825"
},
{
"cve": "CVE-2026-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39826"
}
],
"notes": [
{
"category": "general",
"text": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty \u0027type\u0027 attribute or a \u0027type\u0027 attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39826",
"url": "https://www.suse.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1264507 for CVE-2026-39826",
"url": "https://bugzilla.suse.com/1264507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "moderate"
}
],
"title": "CVE-2026-39826"
},
{
"cve": "CVE-2026-39836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39836"
}
],
"notes": [
{
"category": "general",
"text": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39836",
"url": "https://www.suse.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "SUSE Bug 1264501 for CVE-2026-39836",
"url": "https://bugzilla.suse.com/1264501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-39836"
},
{
"cve": "CVE-2026-42499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42499"
}
],
"notes": [
{
"category": "general",
"text": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42499",
"url": "https://www.suse.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "SUSE Bug 1264502 for CVE-2026-42499",
"url": "https://bugzilla.suse.com/1264502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-42499"
},
{
"cve": "CVE-2026-42501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42501"
}
],
"notes": [
{
"category": "general",
"text": "A malicious module proxy can exploit a flaw in the go command\u0027s validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module\u0027s dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running \"rm go.sum ; go mod tidy ; go mod verify\", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed.\nA module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42501",
"url": "https://www.suse.com/security/cve/CVE-2026-42501"
},
{
"category": "external",
"summary": "SUSE Bug 1264499 for CVE-2026-42501",
"url": "https://bugzilla.suse.com/1264499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-doc-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-libstd-1.26.3-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.26-race-1.26.3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-17T20:16:08Z",
"details": "important"
}
],
"title": "CVE-2026-42501"
}
]
}
OPENSUSE-SU-2026:20763-1
Vulnerability from csaf_opensuse - Published: 2026-05-18 00:17 - Updated: 2026-05-18 00:17

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.25",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.25 fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508).\n- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506).\n- CVE-2026-39817: cmd/go: \"go tool pack\" does not sanitize output paths (bsc#1264505).\n- CVE-2026-39819: cmd/go: \"go bug\" follows symlinks in predictable temporary filenames (bsc#1264504).\n- CVE-2026-39820: net/mail: quadratic string concatenation in consumeComment (bsc#1264503).\n- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).\n- CVE-2026-39825: net/http/httputil: ReverseProxy forwards queries with more than urlmaxqueryparams parameters (bsc#1264500).\n- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).\n- CVE-2026-39836: net: panic in Dial and LookupPort when handling NUL byte on Windows (bsc#1264501).\n- CVE-2026-42499: net/mail: quadratic string concatenation in consumePhrase (bsc#1264502).\n- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499).\n\nNon security issues:\n\n- Updated to go1.25.10 (bsc#1244485).\n- Go packages miss binutils-gold dependency (bsc#1170826).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-760",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20763-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1170826",
"url": "https://bugzilla.suse.com/1170826"
},
{
"category": "self",
"summary": "SUSE Bug 1244485",
"url": "https://bugzilla.suse.com/1244485"
},
{
"category": "self",
"summary": "SUSE Bug 1264499",
"url": "https://bugzilla.suse.com/1264499"
},
{
"category": "self",
"summary": "SUSE Bug 1264500",
"url": "https://bugzilla.suse.com/1264500"
},
{
"category": "self",
"summary": "SUSE Bug 1264501",
"url": "https://bugzilla.suse.com/1264501"
},
{
"category": "self",
"summary": "SUSE Bug 1264502",
"url": "https://bugzilla.suse.com/1264502"
},
{
"category": "self",
"summary": "SUSE Bug 1264503",
"url": "https://bugzilla.suse.com/1264503"
},
{
"category": "self",
"summary": "SUSE Bug 1264504",
"url": "https://bugzilla.suse.com/1264504"
},
{
"category": "self",
"summary": "SUSE Bug 1264505",
"url": "https://bugzilla.suse.com/1264505"
},
{
"category": "self",
"summary": "SUSE Bug 1264506",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "self",
"summary": "SUSE Bug 1264507",
"url": "https://bugzilla.suse.com/1264507"
},
{
"category": "self",
"summary": "SUSE Bug 1264508",
"url": "https://bugzilla.suse.com/1264508"
},
{
"category": "self",
"summary": "SUSE Bug 1264509",
"url": "https://bugzilla.suse.com/1264509"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33811 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33811/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39819 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39819/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39820 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39820/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39823 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39825 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39836 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39836/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42499 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42501 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42501/"
}
],
"title": "Security update for go1.25",
"tracking": {
"current_release_date": "2026-05-18T00:17:42Z",
"generator": {
"date": "2026-05-18T00:17:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20763-1",
"initial_release_date": "2026-05-18T00:17:42Z",
"revision_history": [
{
"date": "2026-05-18T00:17:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-160000.1.1.aarch64",
"product": {
"name": "go1.25-1.25.10-160000.1.1.aarch64",
"product_id": "go1.25-1.25.10-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-160000.1.1.aarch64",
"product": {
"name": "go1.25-doc-1.25.10-160000.1.1.aarch64",
"product_id": "go1.25-doc-1.25.10-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.10-160000.1.1.aarch64",
"product": {
"name": "go1.25-libstd-1.25.10-160000.1.1.aarch64",
"product_id": "go1.25-libstd-1.25.10-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-160000.1.1.aarch64",
"product": {
"name": "go1.25-race-1.25.10-160000.1.1.aarch64",
"product_id": "go1.25-race-1.25.10-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-160000.1.1.ppc64le",
"product": {
"name": "go1.25-1.25.10-160000.1.1.ppc64le",
"product_id": "go1.25-1.25.10-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-160000.1.1.ppc64le",
"product": {
"name": "go1.25-doc-1.25.10-160000.1.1.ppc64le",
"product_id": "go1.25-doc-1.25.10-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-160000.1.1.ppc64le",
"product": {
"name": "go1.25-race-1.25.10-160000.1.1.ppc64le",
"product_id": "go1.25-race-1.25.10-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-160000.1.1.s390x",
"product": {
"name": "go1.25-1.25.10-160000.1.1.s390x",
"product_id": "go1.25-1.25.10-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-160000.1.1.s390x",
"product": {
"name": "go1.25-doc-1.25.10-160000.1.1.s390x",
"product_id": "go1.25-doc-1.25.10-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-160000.1.1.s390x",
"product": {
"name": "go1.25-race-1.25.10-160000.1.1.s390x",
"product_id": "go1.25-race-1.25.10-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.25-1.25.10-160000.1.1.x86_64",
"product": {
"name": "go1.25-1.25.10-160000.1.1.x86_64",
"product_id": "go1.25-1.25.10-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-doc-1.25.10-160000.1.1.x86_64",
"product": {
"name": "go1.25-doc-1.25.10-160000.1.1.x86_64",
"product_id": "go1.25-doc-1.25.10-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-libstd-1.25.10-160000.1.1.x86_64",
"product": {
"name": "go1.25-libstd-1.25.10-160000.1.1.x86_64",
"product_id": "go1.25-libstd-1.25.10-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.25-race-1.25.10-160000.1.1.x86_64",
"product": {
"name": "go1.25-race-1.25.10-160000.1.1.x86_64",
"product_id": "go1.25-race-1.25.10-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64"
},
"product_reference": "go1.25-1.25.10-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le"
},
"product_reference": "go1.25-1.25.10-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x"
},
"product_reference": "go1.25-1.25.10-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-1.25.10-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64"
},
"product_reference": "go1.25-1.25.10-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64"
},
"product_reference": "go1.25-doc-1.25.10-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le"
},
"product_reference": "go1.25-doc-1.25.10-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x"
},
"product_reference": "go1.25-doc-1.25.10-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-doc-1.25.10-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64"
},
"product_reference": "go1.25-doc-1.25.10-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.10-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64"
},
"product_reference": "go1.25-libstd-1.25.10-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-libstd-1.25.10-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64"
},
"product_reference": "go1.25-libstd-1.25.10-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64"
},
"product_reference": "go1.25-race-1.25.10-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le"
},
"product_reference": "go1.25-race-1.25.10-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x"
},
"product_reference": "go1.25-race-1.25.10-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.25-race-1.25.10-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
},
"product_reference": "go1.25-race-1.25.10-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33811"
}
],
"notes": [
{
"category": "general",
"text": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33811",
"url": "https://www.suse.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "SUSE Bug 1264508 for CVE-2026-33811",
"url": "https://bugzilla.suse.com/1264508"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-33811"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39817"
}
],
"notes": [
{
"category": "general",
"text": "The \"go tool pack\" subcommand (usually used only by the compiler as an internal tool with known-good inputs) does not sanitize output filenames. Extracting a malicious archive file with the \"pack\" subcommand can write files to arbitrary locations on the filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39817",
"url": "https://www.suse.com/security/cve/CVE-2026-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1264505 for CVE-2026-39817",
"url": "https://bugzilla.suse.com/1264505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39817"
},
{
"cve": "CVE-2026-39819",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39819"
}
],
"notes": [
{
"category": "general",
"text": "The \"go bug\" command writes to two files with predictable names in the system temporary directory (for example, \"/tmp\"). An attacker with access to the temporary directory can create a symlink in one of these names, causing \"go bug\" to overwrite the target of the symlink.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39819",
"url": "https://www.suse.com/security/cve/CVE-2026-39819"
},
{
"category": "external",
"summary": "SUSE Bug 1264504 for CVE-2026-39819",
"url": "https://bugzilla.suse.com/1264504"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39819"
},
{
"cve": "CVE-2026-39820",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39820"
}
],
"notes": [
{
"category": "general",
"text": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU consumption and memory allocations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39820",
"url": "https://www.suse.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "SUSE Bug 1264503 for CVE-2026-39820",
"url": "https://bugzilla.suse.com/1264503"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-39820"
},
{
"cve": "CVE-2026-39823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39823"
}
],
"notes": [
{
"category": "general",
"text": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag\u0027s \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the \u0027=\u0027 rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39823",
"url": "https://www.suse.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "SUSE Bug 1264509 for CVE-2026-39823",
"url": "https://bugzilla.suse.com/1264509"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39823"
},
{
"cve": "CVE-2026-39825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39825"
}
],
"notes": [
{
"category": "general",
"text": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery\u0027s limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy\u0027s Rewrite function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39825",
"url": "https://www.suse.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "SUSE Bug 1264500 for CVE-2026-39825",
"url": "https://bugzilla.suse.com/1264500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39825"
},
{
"cve": "CVE-2026-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39826"
}
],
"notes": [
{
"category": "general",
"text": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty \u0027type\u0027 attribute or a \u0027type\u0027 attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39826",
"url": "https://www.suse.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1264507 for CVE-2026-39826",
"url": "https://bugzilla.suse.com/1264507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-39826"
},
{
"cve": "CVE-2026-39836",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39836"
}
],
"notes": [
{
"category": "general",
"text": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39836",
"url": "https://www.suse.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "SUSE Bug 1264501 for CVE-2026-39836",
"url": "https://bugzilla.suse.com/1264501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-39836"
},
{
"cve": "CVE-2026-42499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42499"
}
],
"notes": [
{
"category": "general",
"text": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42499",
"url": "https://www.suse.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "SUSE Bug 1264502 for CVE-2026-42499",
"url": "https://bugzilla.suse.com/1264502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-42499"
},
{
"cve": "CVE-2026-42501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42501"
}
],
"notes": [
{
"category": "general",
"text": "A malicious module proxy can exploit a flaw in the go command\u0027s validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (GOSUMDB). A malicious module proxy can serve altered versions of the Go toolchain. When selecting a different version of the Go toolchain than the currently installed toolchain (due to the GOTOOLCHAIN environment variable, or a go.work or go.mod with a toolchain line), the go command will download and execute a toolchain provided by the module proxy. A malicious module proxy can bypass checksum database validation for this downloaded toolchain. Since this vulnerability affects the security of toolchain downloads, setting GOTOOLCHAIN to a fixed version is not sufficient. You must upgrade your base Go toolchain. The go tool always validates the hash of a toolchain before executing it, so fixed versions will refuse to execute any cached, altered versions of the toolchain. The go tool trusts go.sum files to contain accurate hashes of the current module\u0027s dependencies. A malicious proxy exploiting this vulnerability to serve an altered module will have caused an incorrect hash to be recorded in the go.sum. Users who have configured a non-trusted GOPROXY can determine if they have been affected by running \"rm go.sum ; go mod tidy ; go mod verify\", which will revalidate all dependencies of the current module. The specific flaw in more detail: The go command consults the checksum database to validate downloaded modules, when a module is not listed in the go.sum file. It verifies that the module hash reported by the checksum database matches the hash of the downloaded module. If, however, the checksum database returns a successful response that contains no entry for the module, the go command incorrectly permitted validation to succeed. \nA module proxy may mirror or proxy the checksum database, in which case the go command will not connect to the checksum database directly. Checksums reported by the checksum database are cryptographically signed, so a malicious proxy cannot alter the reported checksum for a module. However, a proxy which returns an empty checksum response, or a checksum response for an unrelated module, could cause the go command to proceed as if a downloaded module has been validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42501",
"url": "https://www.suse.com/security/cve/CVE-2026-42501"
},
{
"category": "external",
"summary": "SUSE Bug 1264499 for CVE-2026-42501",
"url": "https://bugzilla.suse.com/1264499"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-doc-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-libstd-1.25.10-160000.1.1.x86_64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.aarch64",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.ppc64le",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.s390x",
"openSUSE Leap 16.0:go1.25-race-1.25.10-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T00:17:42Z",
"details": "important"
}
],
"title": "CVE-2026-42501"
}
]
}
RHSA-2026:23262
Vulnerability from csaf_redhat - Published: 2026-06-04 12:39 - Updated: 2026-07-02 21:45
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL's content attribute inside a `<meta>` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ngolang1.25:\n * golang1.25-1.25.11-2.hum1 (aarch64, x86_64)\n * golang1.25-bin-1.25.11-2.hum1 (aarch64, x86_64)\n * golang1.25-docs-1.25.11-2.hum1 (noarch)\n * golang1.25-misc-1.25.11-2.hum1 (noarch)\n * golang1.25-src-1.25.11-2.hum1 (noarch)\n * golang1.25-tests-1.25.11-2.hum1 (noarch)\n * golang1.25-1.25.11-2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23262",
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42504",
"url": "https://access.redhat.com/security/cve/CVE-2026-42504"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27145",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42507",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39826",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39836",
"url": "https://access.redhat.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39825",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39823",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42501",
"url": "https://access.redhat.com/security/cve/CVE-2026-42501"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23262.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-02T21:45:53+00:00",
"generator": {
"date": "2026-07-02T21:45:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:23262",
"initial_release_date": "2026-06-04T12:39:22+00:00",
"revision_history": [
{
"date": "2026-06-04T12:39:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-26T14:08:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T21:45:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@aarch64",
"product": {
"name": "golang1-25-main@aarch64",
"product_id": "golang1-25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@src",
"product": {
"name": "golang1-25-main@src",
"product_id": "golang1-25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@x86_64",
"product": {
"name": "golang1-25-main@x86_64",
"product_id": "golang1-25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@noarch",
"product": {
"name": "golang1-25-main@noarch",
"product_id": "golang1-25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25-docs@1.25.11-2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@aarch64"
},
"product_reference": "golang1-25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@noarch"
},
"product_reference": "golang1-25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@src"
},
"product_reference": "golang1-25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@x86_64"
},
"product_reference": "golang1-25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39823",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-07T20:00:58.284024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467811"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespace around the equals sign (`=`) within a URL\u0027s content attribute inside a `\u003cmeta\u003e` tag. The URL is then improperly escaped, which could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship the Go `html/template` package as a dependency of various Go-based components. The affected functionality involves URL escaping inside `\u003cmeta\u003e` tag content attributes, which requires an application to render user-controlled URLs in meta tags using `html/template`. While the vulnerable code is present, exploitation requires a specific usage pattern that is uncommon in Red Hat product code paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "RHBZ#2467811",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467811"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39823",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://go.dev/cl/769920",
"url": "https://go.dev/cl/769920"
},
{
"category": "external",
"summary": "https://go.dev/issue/78913",
"url": "https://go.dev/issue/78913"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4982",
"url": "https://pkg.go.dev/vuln/GO-2026-4982"
}
],
"release_date": "2026-05-07T19:41:19.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Ensure that user-supplied URLs are validated and sanitized before being passed to Go\u0027s `html/template` package for rendering in HTML meta tag content attributes. Avoid rendering untrusted URL data directly in meta tag content attributes.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content"
},
{
"cve": "CVE-2026-39825",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2026-05-07T20:01:37.714133+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467823"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Go\u0027s net/http/httputil package where ReverseProxy can forward query parameters that are hidden from Rewrite or Director functions. This occurs when the number of query parameters exceeds the url.ParseQuery limit (controlled by the GODEBUG setting urlmaxqueryparams). While Red Hat ships Go-based components across many products, exploitation requires that an application use ReverseProxy with a Rewrite or Director function that relies on query parameter inspection for security enforcement, which limits the practical impact of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "RHBZ#2467823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://go.dev/cl/770541",
"url": "https://go.dev/cl/770541"
},
{
"category": "external",
"summary": "https://go.dev/issue/78948",
"url": "https://go.dev/issue/78948"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4976",
"url": "https://pkg.go.dev/vuln/GO-2026-4976"
}
],
"release_date": "2026-05-07T19:41:18.453000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
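"details": "Increase the maximum number of query parameters allowed by setting the `urlmaxqueryparams` option of the `GODEBUG` environment variable to a higher value (e.g., `GODEBUG=urlmaxqueryparams=20000`), or validate and enforce security controls on query parameters at the backend service rather than relying solely on the ReverseProxy\u0027s Rewrite or Director function for security filtering. Because the issue arises when a request exceeds this limit, raising it narrows rather than removes the exposure, so backend-side enforcement is the more reliable of the two options.",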
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls"
},
{
"cve": "CVE-2026-39826",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-07T20:01:46.305827+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467826"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only \u0027type\u0027 attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "RHBZ#2467826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39826",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://go.dev/cl/771180",
"url": "https://go.dev/cl/771180"
},
{
"category": "external",
"summary": "https://go.dev/issue/78981",
"url": "https://go.dev/issue/78981"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4980",
"url": "https://pkg.go.dev/vuln/GO-2026-4980"
}
],
"release_date": "2026-05-07T19:41:19.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping"
},
{
"cve": "CVE-2026-42507",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2026-06-02T23:01:03.125126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484205"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "RHBZ#2484205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42507",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42507"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://go.dev/cl/777060",
"url": "https://go.dev/cl/777060"
},
{
"category": "external",
"summary": "https://go.dev/issue/79346",
"url": "https://go.dev/issue/79346"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5039",
"url": "https://pkg.go.dev/vuln/GO-2026-5039"
}
],
"release_date": "2026-06-02T22:01:37.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
RHSA-2026:23264
Vulnerability from csaf_redhat - Published: 2026-06-04 12:43 - Updated: 2026-07-02 21:45
CVE-2026-33811: A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
CVE-2026-33814: A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
CVE-2026-39821: A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL's content attribute inside a `<meta>` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
CVE-2026-46595: A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ngolang1.26:\n * golang1.26-1.26.4-2.hum1 (aarch64, x86_64)\n * golang1.26-bin-1.26.4-2.hum1 (aarch64, x86_64)\n * golang1.26-docs-1.26.4-2.hum1 (noarch)\n * golang1.26-misc-1.26.4-2.hum1 (noarch)\n * golang1.26-src-1.26.4-2.hum1 (noarch)\n * golang1.26-tests-1.26.4-2.hum1 (noarch)\n * golang1.26-1.26.4-2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23264",
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42504",
"url": "https://access.redhat.com/security/cve/CVE-2026-42504"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27145",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42507",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39826",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39836",
"url": "https://access.redhat.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39825",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39823",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42501",
"url": "https://access.redhat.com/security/cve/CVE-2026-42501"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23264.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-02T21:45:53+00:00",
"generator": {
"date": "2026-07-02T21:45:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:23264",
"initial_release_date": "2026-06-04T12:43:59+00:00",
"revision_history": [
{
"date": "2026-06-04T12:43:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-26T14:08:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T21:45:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@aarch64",
"product": {
"name": "golang1-26-main@aarch64",
"product_id": "golang1-26-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.4-2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@src",
"product": {
"name": "golang1-26-main@src",
"product_id": "golang1-26-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.4-2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@x86_64",
"product": {
"name": "golang1-26-main@x86_64",
"product_id": "golang1-26-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.4-2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@noarch",
"product": {
"name": "golang1-26-main@noarch",
"product_id": "golang1-26-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26-docs@1.26.4-2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@aarch64"
},
"product_reference": "golang1-26-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@noarch"
},
"product_reference": "golang1-26-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@src"
},
"product_reference": "golang1-26-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@x86_64"
},
"product_reference": "golang1-26-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39823",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-07T20:00:58.284024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467811"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL\u0027s content attribute inside a `\u003cmeta\u003e` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship the Go `html/template` package as a dependency of various Go-based components. The affected functionality involves URL escaping inside `\u003cmeta\u003e` tag content attributes, which requires an application to render user-controlled URLs in meta tags using `html/template`. While the vulnerable code is present, exploitation requires a specific usage pattern that is uncommon in Red Hat product code paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "RHBZ#2467811",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467811"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39823",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://go.dev/cl/769920",
"url": "https://go.dev/cl/769920"
},
{
"category": "external",
"summary": "https://go.dev/issue/78913",
"url": "https://go.dev/issue/78913"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4982",
"url": "https://pkg.go.dev/vuln/GO-2026-4982"
}
],
"release_date": "2026-05-07T19:41:19.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Ensure that user-supplied URLs are validated and sanitized before being passed to Go\u0027s `html/template` package for rendering in HTML meta tag content attributes. Avoid rendering untrusted URL data directly in meta tag content attributes.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content"
},
{
"cve": "CVE-2026-39825",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2026-05-07T20:01:37.714133+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467823"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Go\u0027s net/http/httputil package where ReverseProxy can forward query parameters that are hidden from Rewrite or Director functions. This occurs when the number of query parameters exceeds the url.ParseQuery limit (controlled by the GODEBUG setting urlmaxqueryparams). While Red Hat ships Go-based components across many products, exploitation requires that an application use ReverseProxy with a Rewrite or Director function that relies on query parameter inspection for security enforcement, which limits the practical impact of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "RHBZ#2467823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://go.dev/cl/770541",
"url": "https://go.dev/cl/770541"
},
{
"category": "external",
"summary": "https://go.dev/issue/78948",
"url": "https://go.dev/issue/78948"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4976",
"url": "https://pkg.go.dev/vuln/GO-2026-4976"
}
],
"release_date": "2026-05-07T19:41:18.453000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Increase the maximum number of query parameters allowed by setting the GODEBUG environment variable `urlmaxqueryparams` to a higher value (e.g., `GODEBUG=urlmaxqueryparams=20000`), or validate and enforce security controls on query parameters at the backend service rather than relying solely on the ReverseProxy\u0027s Rewrite or Director function for security filtering.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls"
},
{
"cve": "CVE-2026-39826",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-07T20:01:46.305827+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467826"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only \u0027type\u0027 attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "RHBZ#2467826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39826",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://go.dev/cl/771180",
"url": "https://go.dev/cl/771180"
},
{
"category": "external",
"summary": "https://go.dev/issue/78981",
"url": "https://go.dev/issue/78981"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4980",
"url": "https://pkg.go.dev/vuln/GO-2026-4980"
}
],
"release_date": "2026-05-07T19:41:19.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping"
},
{
"cve": "CVE-2026-42507",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2026-06-02T23:01:03.125126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484205"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "RHBZ#2484205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42507",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42507"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://go.dev/cl/777060",
"url": "https://go.dev/cl/777060"
},
{
"category": "external",
"summary": "https://go.dev/issue/79346",
"url": "https://go.dev/issue/79346"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5039",
"url": "https://pkg.go.dev/vuln/GO-2026-5039"
}
],
"release_date": "2026-06-02T22:01:37.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
RHSA-2026:33120
Vulnerability from csaf_redhat - Published: 2026-06-29 14:23 - Updated: 2026-07-02 13:40
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64 | — |
Workaround
|
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.13\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.13, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* CVE-2026-39820 openshift-golang-builder-container: Go net/mail: Denial of Service via crafted email inputs (OSSM-14269)\n* CVE-2026-42499 openshift-golang-builder-container: net/mail: Denial of Service via pathological email address parsing (OSSM-14500)\n* CVE-2026-33814 openshift-golang-builder-container: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame (OSSM-14548)\n* CVE-2026-33811 openshift-golang-builder-container: Go net package: Denial of Service via long CNAME response in LookupCNAME (OSSM-14564)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33120",
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33120.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.13",
"tracking": {
"current_release_date": "2026-07-02T13:40:56+00:00",
"generator": {
"date": "2026-07-02T13:40:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33120",
"initial_release_date": "2026-06-29T14:23:25+00:00",
"revision_history": [
{
"date": "2026-06-29T14:23:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T14:23:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:40:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1782301456"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Abb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Af473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223341"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782296193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1782223469"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ab994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ae71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aa1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223341"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782296193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1782223469"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aa6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223341"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782296193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1782223469"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Abdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223341"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ae24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782296193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1782223469"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:23:25+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment: the pure Go resolver does not call the C library's resolver, so lookups that depend on name-service sources available only through the C library can behave differently.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go HTTP/2 protocol implementation, which is shipped both in the golang.org/x/net module and in the Go standard library (net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:23:25+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:23:25+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:23:25+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
}
]
}
RHSA-2026:33123
Vulnerability from csaf_redhat - Published: 2026-06-29 14:40 - Updated: 2026-07-02 13:40
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64 | — |
Workaround
|
A flaw was found in Go's HTTP/2 implementation, which ships both in the golang.org/x/net module and in the standard library (net/http/internal/http2); the advisory on this page tracks it as CVE-2026-33814. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package of the Go programming language; the advisory on this page tracks it as CVE-2026-39820. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. Parsing these inputs could consume excessive CPU and memory, resulting in a Denial of Service (DoS) for applications that process them.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package within the Go standard library; the advisory on this page tracks it as CVE-2026-42499. A remote attacker could provide specially crafted, pathological email addresses. Parsing these malformed addresses in the `consumePhrase` function can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.1.10\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.1.10, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* CVE-2026-39820 openshift-golang-builder-container: Go net/mail: Denial of Service via crafted email inputs (OSSM-14266)\n* CVE-2026-42499 openshift-golang-builder-container: net/mail: Denial of Service via pathological email address parsing (OSSM-14501)\n* CVE-2026-33814 openshift-golang-builder-container: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame (OSSM-14549)\n* CVE-2026-33811 openshift-golang-builder-container: Go net package: Denial of Service via long CNAME response in LookupCNAME (OSSM-14562)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33123",
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33123.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.10",
"tracking": {
"current_release_date": "2026-07-02T13:40:56+00:00",
"generator": {
"date": "2026-07-02T13:40:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33123",
"initial_release_date": "2026-06-29T14:40:31+00:00",
"revision_history": [
{
"date": "2026-06-29T14:40:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T14:40:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:40:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1782301303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222451"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ade940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223138"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782222394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9\u0026tag=1782223665"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222451"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223138"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ab6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782222394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aa09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9\u0026tag=1782223665"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ac2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ad613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222451"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223138"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782222394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9\u0026tag=1782223665"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222163"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222367"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222451"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aa6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223138"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782222394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ace2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9\u0026tag=1782223665"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:40:31+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go HTTP/2 protocol implementation, which is shipped in both the golang.org/x/net module and the standard library (net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. When the attacker sends a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:40:31+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications that process untrusted email inputs via the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:40:31+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:40:31+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
}
]
}
RHSA-2026:33142
Vulnerability from csaf_redhat - Published: 2026-06-29 14:56 - Updated: 2026-07-02 13:40
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x | — |
Workaround
|
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x | — |
Workaround
|
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x | — |
Workaround
|
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. Parsing these malformed addresses in the `consumePhrase` function can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.2.7\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.2.7, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\nSecurity Fix(es):\n\n* CVE-2026-39820 openshift-golang-builder-container: Go net/mail: Denial of Service via crafted email inputs (OSSM-14267)\n* CVE-2026-33814 openshift-golang-builder-container: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame (OSSM-14551)\n* CVE-2026-42499 openshift-golang-builder-container: net/mail: Denial of Service via pathological email address parsing (OSSM-14499)\n* CVE-2026-33811 openshift-golang-builder-container: Go net package: Denial of Service via long CNAME response in LookupCNAME (OSSM-14566)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33142",
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33142.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.7",
"tracking": {
"current_release_date": "2026-07-02T13:40:56+00:00",
"generator": {
"date": "2026-07-02T13:40:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33142",
"initial_release_date": "2026-06-29T14:56:08+00:00",
"revision_history": [
{
"date": "2026-06-29T14:56:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T14:56:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:40:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Acbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1782310795"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782226178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ac489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782225149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782224541"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782224487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782303211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782225516"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782226178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782225149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Afc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782224541"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782224487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782303211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Af91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782225516"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ae846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782226178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782225149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782224541"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782224487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782303211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ae4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782225516"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Addbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782226178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782225149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782224541"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782224487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782303211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Afab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782225516"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important-severity denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:56:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:56:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:56:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:56:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
}
]
}
RHSA-2026:33150
Vulnerability from csaf_redhat - Published: 2026-06-29 15:29 - Updated: 2026-07-02 13:40
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le | — |
Workaround
|
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le | — |
Workaround
|
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le | — |
Workaround
|
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When the `consumePhrase` function parses these malformed email addresses, its quadratic string concatenation can lead to excessive resource consumption, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.3.5\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.3.5, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* CVE-2026-39820 openshift-golang-builder-container: Go net/mail: Denial of Service via crafted email inputs (OSSM-14270)\n* CVE-2026-42499 openshift-golang-builder-container: net/mail: Denial of Service via pathological email address parsing (OSSM-14502)\n* CVE-2026-33814 openshift-golang-builder-container: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame (OSSM-14547)\n* CVE-2026-33811 openshift-golang-builder-container: Go net package: Denial of Service via long CNAME response in LookupCNAME (OSSM-14565)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33150",
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33150.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.5",
"tracking": {
"current_release_date": "2026-07-02T13:40:57+00:00",
"generator": {
"date": "2026-07-02T13:40:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33150",
"initial_release_date": "2026-06-29T15:29:11+00:00",
"revision_history": [
{
"date": "2026-06-29T15:29:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T15:29:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:40:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Ae5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1782315701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ac4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782223045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222206"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222038"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782222366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782310747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782222723"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ab49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782223045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222206"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222038"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ad7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782222366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ab526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782310747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782222723"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782223045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222206"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222038"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782222366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782310747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Af26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782222723"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782223045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222206"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222038"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ab8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782222366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782310747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782222723"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:29:11+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. When an attacker sends a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:29:11+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:29:11+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When the `consumePhrase` function parses these malformed email addresses, quadratic string concatenation can cause excessive resource consumption, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:29:11+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.