CVE-2026-33814 (GCVE-0-2026-33814)
Vulnerability from cvelistv5 – Published: 2026-05-07 19:41 – Updated: 2026-07-02 12:05

| URL | Tags |
|---|---|
| https://go.dev/cl/761581 | |
| https://go.dev/cl/761640 | |
| https://go.dev/issue/78476 | |
| https://groups.google.com/g/golang-announce/c/qcC… | |
| https://pkg.go.dev/vuln/GO-2026-4918 | |
| https://access.redhat.com/security/cve/CVE-2026-33814 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2467815 | issue-tracking, x_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:34342 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23262 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23264 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33120 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33123 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33142 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:33150 | vendor-advisory, x_refsource_REDHAT |

| Vendor | Product | Version |
|---|---|---|
| golang.org/x/net | golang.org/x/net/http2 | Affected: 0, < 0.53.0 (semver) |
| Go standard library | net/http | Affected: 0, < 1.25.10 (semver); Affected: 1.26.0-0, < 1.26.3 (semver) |
| Red Hat | Cluster Observability Operator 1.5.0 | cpe:/a:redhat:cluster_observability_operator:1.5::el9 |
| Red Hat | Red Hat Hardened Images | cpe:/a:redhat:hummingbird:1 |
| Red Hat | Red Hat OpenShift Service Mesh 3.0 | cpe:/a:redhat:service_mesh:3.0::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.1 | cpe:/a:redhat:service_mesh:3.1::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.2 | cpe:/a:redhat:service_mesh:3.2::el9 |
| Red Hat | Red Hat OpenShift Service Mesh 3.3 | cpe:/a:redhat:service_mesh:3.3::el9 |
| Red Hat | Red Hat Enterprise Linux 10 | cpe:/o:redhat:enterprise_linux:10 |
| Red Hat | Red Hat Enterprise Linux 8 | cpe:/o:redhat:enterprise_linux:8 |
| Red Hat | Red Hat Enterprise Linux 9 | cpe:/o:redhat:enterprise_linux:9 |
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 | cpe:/a:redhat:enterprise_linux_ai:3 |
| Red Hat | Red Hat OpenShift Container Platform 4 | cpe:/a:redhat:openshift:4 |
| Red Hat | Red Hat OpenShift Virtualization 4 | cpe:/a:redhat:container_native_virtualization:4 |
| Red Hat | OpenShift Service Mesh 2 | cpe:/a:redhat:service_mesh:2 |

{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-33814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T18:00:53.951676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T18:01:02.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-07T19:41:17.631Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-606",
"description": "Unchecked Input for Loop Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:19.070Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"name": "RHBZ#2467815",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33814.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:23262: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:23264: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:33120: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:33123: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:33142: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:33150: Red Hat OpenShift Service Mesh 3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-07T20:01:11.324Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-07T19:41:17.631Z",
"value": "Made public."
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "clientConnReadLoop.processSettingsNoWrite"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTrip"
},
{
"name": "Transport.RoundTripOpt"
},
{
"name": "clientConnPool.GetClientConn"
},
{
"name": "noDialClientConnPool.GetClientConn"
},
{
"name": "noDialH2RoundTripper.NewClientConn"
},
{
"name": "noDialH2RoundTripper.RoundTrip"
},
{
"name": "unencryptedTransport.RoundTrip"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.53.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2clientConnReadLoop.processSettingsNoWrite"
},
{
"name": "Client.CloseIdleConnections"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "ClientConn.Close"
},
{
"name": "ClientConn.RoundTrip"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTrip"
},
{
"name": "http1ClientConn.Close"
},
{
"name": "http1ClientConn.RoundTrip"
},
{
"name": "http2Transport.NewClientConn"
},
{
"name": "http2Transport.RoundTrip"
},
{
"name": "http2Transport.RoundTripOpt"
},
{
"name": "http2clientConnPool.GetClientConn"
},
{
"name": "http2noDialClientConnPool.GetClientConn"
},
{
"name": "http2noDialH2RoundTripper.NewClientConn"
},
{
"name": "http2noDialH2RoundTripper.RoundTrip"
},
{
"name": "http2unencryptedTransport.RoundTrip"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.3",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marwan Atia (marwansamir688@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T19:41:17.631Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/761581"
},
{
"url": "https://go.dev/cl/761640"
},
{
"url": "https://go.dev/issue/78476"
},
{
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"title": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-33814",
"datePublished": "2026-05-07T19:41:17.631Z",
"dateReserved": "2026-03-23T20:35:32.814Z",
"dateUpdated": "2026-07-02T12:05:19.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33814",
"date": "2026-07-02",
"epss": "0.00781",
"percentile": "0.51466"
},
"vulnrichment": {
"cveMetadata": "{\"cveId\": \"CVE-2026-33814\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-02T12:05:19.070Z\", \"dateReserved\": \"2026-03-23T20:35:32.814Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-05-07T19:41:17.631Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:20833-1
Vulnerability from csaf_opensuse - Published: 2026-05-28 13:15 - Updated: 2026-05-28 13:15

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for trivy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for trivy fixes the following issues:\n\nChanges in trivy:\n\n- update x/crypto to 0.52.0 (bsc#1266075, CVE-2026-39827,\n CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831,\n CVE-2026-42508,CVE-2026-39833,CVE-2026-39830,CVE-2026-39832,\n CVE-2026-46597,CVE-2026-46598,CVE-2026-46595,CVE-2026-39835)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-272",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20833-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1265648",
"url": "https://bugzilla.suse.com/1265648"
},
{
"category": "self",
"summary": "SUSE Bug 1266075",
"url": "https://bugzilla.suse.com/1266075"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for trivy",
"tracking": {
"current_release_date": "2026-05-28T13:15:28Z",
"generator": {
"date": "2026-05-28T13:15:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20833-1",
"initial_release_date": "2026-05-28T13:15:28Z",
"revision_history": [
{
"date": "2026-05-28T13:15:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.70.0-bp160.3.1.aarch64",
"product": {
"name": "trivy-0.70.0-bp160.3.1.aarch64",
"product_id": "trivy-0.70.0-bp160.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.70.0-bp160.3.1.ppc64le",
"product": {
"name": "trivy-0.70.0-bp160.3.1.ppc64le",
"product_id": "trivy-0.70.0-bp160.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.70.0-bp160.3.1.s390x",
"product": {
"name": "trivy-0.70.0-bp160.3.1.s390x",
"product_id": "trivy-0.70.0-bp160.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.70.0-bp160.3.1.x86_64",
"product": {
"name": "trivy-0.70.0-bp160.3.1.x86_64",
"product_id": "trivy-0.70.0-bp160.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.70.0-bp160.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64"
},
"product_reference": "trivy-0.70.0-bp160.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.70.0-bp160.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le"
},
"product_reference": "trivy-0.70.0-bp160.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.70.0-bp160.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x"
},
"product_reference": "trivy-0.70.0-bp160.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.70.0-bp160.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
},
"product_reference": "trivy-0.70.0-bp160.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.aarch64",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.ppc64le",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.s390x",
"openSUSE Leap 16.0:trivy-0.70.0-bp160.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T13:15:28Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:20834-1
Vulnerability from csaf_opensuse - Published: 2026-05-28 12:23 - Updated: 2026-05-28 12:23

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apptainer",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apptainer fixes the following issues:\n\nChanges in apptainer:\n\n- Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829,\n CVE-2026-39831, CVE-2026-42508, CVE-2026-39833, CVE-2026-39830,\n CVE-2026-39832, CVE-2026-46597, CVE-2026-46598, CVE-2026-46595,\n CVE-2026-39835 (bsc#1266202)\n Update golang.org/x/crypto to v0.52.0\n\n- Fix CVE-2026-33814 GO-2026-4918 (bsc#1265844)\n Update golang.org/x/net to version v0.53.0\n- Integrate vulnchecker into %check stage (optional).\n\n- Sync with Factory version which also fixes CVE-2024-45310\n tracked in bsc#1257432\n- Readded SLE-15SP6.def as it was removed from Factory\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-273",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20834-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1257432",
"url": "https://bugzilla.suse.com/1257432"
},
{
"category": "self",
"summary": "SUSE Bug 1265844",
"url": "https://bugzilla.suse.com/1265844"
},
{
"category": "self",
"summary": "SUSE Bug 1266202",
"url": "https://bugzilla.suse.com/1266202"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45310 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for apptainer",
"tracking": {
"current_release_date": "2026-05-28T12:23:45Z",
"generator": {
"date": "2026-05-28T12:23:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20834-1",
"initial_release_date": "2026-05-28T12:23:45Z",
"revision_history": [
{
"date": "2026-05-28T12:23:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apptainer-leap-1.4.5-bp160.2.1.noarch",
"product": {
"name": "apptainer-leap-1.4.5-bp160.2.1.noarch",
"product_id": "apptainer-leap-1.4.5-bp160.2.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.4.5-bp160.2.1.x86_64",
"product": {
"name": "apptainer-1.4.5-bp160.2.1.x86_64",
"product_id": "apptainer-1.4.5-bp160.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.4.5-bp160.2.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64"
},
"product_reference": "apptainer-1.4.5-bp160.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-leap-1.4.5-bp160.2.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
},
"product_reference": "apptainer-leap-1.4.5-bp160.2.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45310"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack\u0027s scope but the exact scope of protection hasn\u0027t been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don\u0027t use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45310",
"url": "https://www.suse.com/security/cve/CVE-2024-45310"
},
{
"category": "external",
"summary": "SUSE Bug 1230092 for CVE-2024-45310",
"url": "https://bugzilla.suse.com/1230092"
},
{
"category": "external",
"summary": "SUSE Bug 1257413 for CVE-2024-45310",
"url": "https://bugzilla.suse.com/1257413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "low"
}
],
"title": "CVE-2024-45310"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:apptainer-1.4.5-bp160.2.1.x86_64",
"openSUSE Leap 16.0:apptainer-leap-1.4.5-bp160.2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:23:45Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:20838-1
Vulnerability from csaf_opensuse - Published: 2026-05-28 12:22 - Updated: 2026-05-28 12:22

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for hauler",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for hauler fixes the following issues:\n\nChanges in hauler:\n\n- update x/crypto to 0.52.0 (bsc#1266167, CVE-2026-39827,\n CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831,\n CVE-2026-42508,CVE-2026-39833,CVE-2026-39830,CVE-2026-39832,\n CVE-2026-46597,CVE-2026-46598,CVE-2026-46595,CVE-2026-39835)\n\n- update x/net to v0.53.0 to address CVE-2026-33814 (bsc#1265765)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-277",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20838-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1265765",
"url": "https://bugzilla.suse.com/1265765"
},
{
"category": "self",
"summary": "SUSE Bug 1266167",
"url": "https://bugzilla.suse.com/1266167"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "Security update for hauler",
"tracking": {
"current_release_date": "2026-05-28T12:22:48Z",
"generator": {
"date": "2026-05-28T12:22:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20838-1",
"initial_release_date": "2026-05-28T12:22:48Z",
"revision_history": [
{
"date": "2026-05-28T12:22:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "hauler-1.4.3-bp160.2.1.aarch64",
"product": {
"name": "hauler-1.4.3-bp160.2.1.aarch64",
"product_id": "hauler-1.4.3-bp160.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "hauler-1.4.3-bp160.2.1.x86_64",
"product": {
"name": "hauler-1.4.3-bp160.2.1.x86_64",
"product_id": "hauler-1.4.3-bp160.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hauler-1.4.3-bp160.2.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64"
},
"product_reference": "hauler-1.4.3-bp160.2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hauler-1.4.3-bp160.2.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
},
"product_reference": "hauler-1.4.3-bp160.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.aarch64",
"openSUSE Leap 16.0:hauler-1.4.3-bp160.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-28T12:22:48Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:20854-1
Vulnerability from csaf_opensuse - Published: 2026-06-01 15:50 - Updated: 2026-06-01 15:50
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rqlite",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rqlite fixes the following issues:\n\nChanges in rqlite:\n\n- Update to version 10.2.0:\n * Support verifying mTLS peer Common Name\n * Console supports restore from SQLite data\n * Console \"count rows\" respects current Tables Expand/Collapse state\n * Console supports dropping indexes\n * Further Console app improvements\n\n- update go-net depdendency to address IDN Punycode validation\n bypass CVE-2026-39821 boo#1266544\n\n- Update to version 10.1.0:\n * Add Schema management page to Console app\n * Display node TLS state in console\u0027s Cluster panel\n\n- includes changes from 10.0.6:\n * Limit number of redirects followed on cluster-join\n * fix HTTP auth reporting\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-284",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20854-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1265706",
"url": "https://bugzilla.suse.com/1265706"
},
{
"category": "self",
"summary": "SUSE Bug 1266544",
"url": "https://bugzilla.suse.com/1266544"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
}
],
"title": "Security update for rqlite",
"tracking": {
"current_release_date": "2026-06-01T15:50:58Z",
"generator": {
"date": "2026-06-01T15:50:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20854-1",
"initial_release_date": "2026-06-01T15:50:58Z",
"revision_history": [
{
"date": "2026-06-01T15:50:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rqlite-10.2.0-bp160.1.1.aarch64",
"product": {
"name": "rqlite-10.2.0-bp160.1.1.aarch64",
"product_id": "rqlite-10.2.0-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rqlite-10.2.0-bp160.1.1.ppc64le",
"product": {
"name": "rqlite-10.2.0-bp160.1.1.ppc64le",
"product_id": "rqlite-10.2.0-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rqlite-10.2.0-bp160.1.1.s390x",
"product": {
"name": "rqlite-10.2.0-bp160.1.1.s390x",
"product_id": "rqlite-10.2.0-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rqlite-10.2.0-bp160.1.1.x86_64",
"product": {
"name": "rqlite-10.2.0-bp160.1.1.x86_64",
"product_id": "rqlite-10.2.0-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rqlite-10.2.0-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64"
},
"product_reference": "rqlite-10.2.0-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rqlite-10.2.0-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le"
},
"product_reference": "rqlite-10.2.0-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rqlite-10.2.0-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x"
},
"product_reference": "rqlite-10.2.0-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rqlite-10.2.0-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
},
"product_reference": "rqlite-10.2.0-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T15:50:58Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.aarch64",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.s390x",
"openSUSE Leap 16.0:rqlite-10.2.0-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T15:50:58Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
}
]
}
RHSA-2026:23262
Vulnerability from csaf_redhat - Published: 2026-06-04 12:39 - Updated: 2026-07-02 19:38
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix, Workaround |
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix, Workaround |
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix, Workaround |
A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL's content attribute inside a `<meta>` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix, Workaround |
A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix, Workaround |
A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix, Workaround |
A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix, Workaround |
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix |
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — | | Vendor Fix, fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — | | Vendor Fix, fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ngolang1.25:\n * golang1.25-1.25.11-2.hum1 (aarch64, x86_64)\n * golang1.25-bin-1.25.11-2.hum1 (aarch64, x86_64)\n * golang1.25-docs-1.25.11-2.hum1 (noarch)\n * golang1.25-misc-1.25.11-2.hum1 (noarch)\n * golang1.25-src-1.25.11-2.hum1 (noarch)\n * golang1.25-tests-1.25.11-2.hum1 (noarch)\n * golang1.25-1.25.11-2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23262",
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42504",
"url": "https://access.redhat.com/security/cve/CVE-2026-42504"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27145",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42507",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39826",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39836",
"url": "https://access.redhat.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39825",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39823",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42501",
"url": "https://access.redhat.com/security/cve/CVE-2026-42501"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23262.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-02T19:38:58+00:00",
"generator": {
"date": "2026-07-02T19:38:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:23262",
"initial_release_date": "2026-06-04T12:39:22+00:00",
"revision_history": [
{
"date": "2026-06-04T12:39:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-26T14:08:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T19:38:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@aarch64",
"product": {
"name": "golang1-25-main@aarch64",
"product_id": "golang1-25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@src",
"product": {
"name": "golang1-25-main@src",
"product_id": "golang1-25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@x86_64",
"product": {
"name": "golang1-25-main@x86_64",
"product_id": "golang1-25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.11-2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@noarch",
"product": {
"name": "golang1-25-main@noarch",
"product_id": "golang1-25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25-docs@1.25.11-2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@aarch64"
},
"product_reference": "golang1-25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@noarch"
},
"product_reference": "golang1-25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@src"
},
"product_reference": "golang1-25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@x86_64"
},
"product_reference": "golang1-25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39823",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-07T20:00:58.284024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467811"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL\u0027s content attribute inside a `\u003cmeta\u003e` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship the Go `html/template` package as a dependency of various Go-based components. The affected functionality involves URL escaping inside `\u003cmeta\u003e` tag content attributes, which requires an application to render user-controlled URLs in meta tags using `html/template`. While the vulnerable code is present, exploitation requires a specific usage pattern that is uncommon in Red Hat product code paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "RHBZ#2467811",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467811"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39823",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://go.dev/cl/769920",
"url": "https://go.dev/cl/769920"
},
{
"category": "external",
"summary": "https://go.dev/issue/78913",
"url": "https://go.dev/issue/78913"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4982",
"url": "https://pkg.go.dev/vuln/GO-2026-4982"
}
],
"release_date": "2026-05-07T19:41:19.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Ensure that user-supplied URLs are validated and sanitized before being passed to Go\u0027s `html/template` package for rendering in HTML meta tag content attributes. Avoid rendering untrusted URL data directly in meta tag content attributes.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content"
},
{
"cve": "CVE-2026-39825",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2026-05-07T20:01:37.714133+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467823"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Go\u0027s net/http/httputil package where ReverseProxy can forward query parameters that are hidden from Rewrite or Director functions. This occurs when the number of query parameters exceeds the url.ParseQuery limit (controlled by the GODEBUG setting urlmaxqueryparams). While Red Hat ships Go-based components across many products, exploitation requires that an application use ReverseProxy with a Rewrite or Director function that relies on query parameter inspection for security enforcement, which limits the practical impact of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "RHBZ#2467823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://go.dev/cl/770541",
"url": "https://go.dev/cl/770541"
},
{
"category": "external",
"summary": "https://go.dev/issue/78948",
"url": "https://go.dev/issue/78948"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4976",
"url": "https://pkg.go.dev/vuln/GO-2026-4976"
}
],
"release_date": "2026-05-07T19:41:18.453000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Increase the maximum number of query parameters allowed by setting the GODEBUG environment variable `urlmaxqueryparams` to a higher value (e.g., `GODEBUG=urlmaxqueryparams=20000`), or validate and enforce security controls on query parameters at the backend service rather than relying solely on the ReverseProxy\u0027s Rewrite or Director function for security filtering.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls"
},
{
"cve": "CVE-2026-39826",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-07T20:01:46.305827+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467826"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only \u0027type\u0027 attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "RHBZ#2467826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39826",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://go.dev/cl/771180",
"url": "https://go.dev/cl/771180"
},
{
"category": "external",
"summary": "https://go.dev/issue/78981",
"url": "https://go.dev/issue/78981"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4980",
"url": "https://pkg.go.dev/vuln/GO-2026-4980"
}
],
"release_date": "2026-05-07T19:41:19.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping"
},
{
"cve": "CVE-2026-42507",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2026-06-02T23:01:03.125126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484205"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "RHBZ#2484205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42507",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42507"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://go.dev/cl/777060",
"url": "https://go.dev/cl/777060"
},
{
"category": "external",
"summary": "https://go.dev/issue/79346",
"url": "https://go.dev/issue/79346"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5039",
"url": "https://pkg.go.dev/vuln/GO-2026-5039"
}
],
"release_date": "2026-06-02T22:01:37.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:39:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
RHSA-2026:23264
Vulnerability from csaf_redhat - Published: 2026-06-04 12:43 - Updated: 2026-07-02 19:38
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL's content attribute inside a `<meta>` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only 'type' attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix, Workaround |
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix |
A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — | | Vendor Fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ngolang1.26:\n * golang1.26-1.26.4-2.hum1 (aarch64, x86_64)\n * golang1.26-bin-1.26.4-2.hum1 (aarch64, x86_64)\n * golang1.26-docs-1.26.4-2.hum1 (noarch)\n * golang1.26-misc-1.26.4-2.hum1 (noarch)\n * golang1.26-src-1.26.4-2.hum1 (noarch)\n * golang1.26-tests-1.26.4-2.hum1 (noarch)\n * golang1.26-1.26.4-2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23264",
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42504",
"url": "https://access.redhat.com/security/cve/CVE-2026-42504"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27145",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42507",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46595",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39826",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39836",
"url": "https://access.redhat.com/security/cve/CVE-2026-39836"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39825",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39823",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42501",
"url": "https://access.redhat.com/security/cve/CVE-2026-42501"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23264.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-02T19:38:58+00:00",
"generator": {
"date": "2026-07-02T19:38:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:23264",
"initial_release_date": "2026-06-04T12:43:59+00:00",
"revision_history": [
{
"date": "2026-06-04T12:43:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-26T14:08:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T19:38:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@aarch64",
"product": {
"name": "golang1-26-main@aarch64",
"product_id": "golang1-26-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.4-2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@src",
"product": {
"name": "golang1-26-main@src",
"product_id": "golang1-26-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.4-2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@x86_64",
"product": {
"name": "golang1-26-main@x86_64",
"product_id": "golang1-26-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.4-2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@noarch",
"product": {
"name": "golang1-26-main@noarch",
"product_id": "golang1-26-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26-docs@1.26.4-2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@aarch64"
},
"product_reference": "golang1-26-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@noarch"
},
"product_reference": "golang1-26-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@src"
},
"product_reference": "golang1-26-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@x86_64"
},
"product_reference": "golang1-26-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39823",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-07T20:00:58.284024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467811"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign (`=`) within a URL\u0027s content attribute inside a `\u003cmeta\u003e` tag. This improper escaping could lead to Cross-Site Scripting (XSS), allowing the attacker to execute malicious scripts in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship the Go `html/template` package as a dependency of various Go-based components. The affected functionality involves URL escaping inside `\u003cmeta\u003e` tag content attributes, which requires an application to render user-controlled URLs in meta tags using `html/template`. While the vulnerable code is present, exploitation requires a specific usage pattern that is uncommon in Red Hat product code paths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39823"
},
{
"category": "external",
"summary": "RHBZ#2467811",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467811"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39823",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"category": "external",
"summary": "https://go.dev/cl/769920",
"url": "https://go.dev/cl/769920"
},
{
"category": "external",
"summary": "https://go.dev/issue/78913",
"url": "https://go.dev/issue/78913"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4982",
"url": "https://pkg.go.dev/vuln/GO-2026-4982"
}
],
"release_date": "2026-05-07T19:41:19.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Ensure that user-supplied URLs are validated and sanitized before being passed to Go\u0027s `html/template` package for rendering in HTML meta tag content attributes. Avoid rendering untrusted URL data directly in meta tag content attributes.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content"
},
{
"cve": "CVE-2026-39825",
"cwe": {
"id": "CWE-472",
"name": "External Control of Assumed-Immutable Web Parameter"
},
"discovery_date": "2026-05-07T20:01:37.714133+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467823"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/http/httputil` package, specifically within the `ReverseProxy` component. This vulnerability allows the `ReverseProxy` to forward query parameters that are not visible to `Rewrite` functions. This occurs because the `ReverseProxy` does not correctly consider the `url.ParseQuery` limit on the total number of query parameters. A remote attacker could exploit this to send hidden query parameters, potentially bypassing security policies or controls implemented by `Rewrite` functions, leading to information disclosure or unexpected behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Go\u0027s net/http/httputil package where ReverseProxy can forward query parameters that are hidden from Rewrite or Director functions. This occurs when the number of query parameters exceeds the url.ParseQuery limit (controlled by the GODEBUG setting urlmaxqueryparams). While Red Hat ships Go-based components across many products, exploitation requires that an application use ReverseProxy with a Rewrite or Director function that relies on query parameter inspection for security enforcement, which limits the practical impact of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39825"
},
{
"category": "external",
"summary": "RHBZ#2467823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467823"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"category": "external",
"summary": "https://go.dev/cl/770541",
"url": "https://go.dev/cl/770541"
},
{
"category": "external",
"summary": "https://go.dev/issue/78948",
"url": "https://go.dev/issue/78948"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4976",
"url": "https://pkg.go.dev/vuln/GO-2026-4976"
}
],
"release_date": "2026-05-07T19:41:18.453000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Increase the maximum number of query parameters allowed by setting the GODEBUG environment variable `urlmaxqueryparams` to a higher value (e.g., `GODEBUG=urlmaxqueryparams=20000`), or validate and enforce security controls on query parameters at the backend service rather than relying solely on the ReverseProxy\u0027s Rewrite or Director function for security filtering.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http/httputil: golang: net/http/httputil: ReverseProxy forwards hidden query parameters, potentially bypassing security controls"
},
{
"cve": "CVE-2026-39826",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-07T20:01:46.305827+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467826"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in html/template. A trusted template author could craft a script tag with an empty or whitespace-only \u0027type\u0027 attribute. This vulnerability causes the template engine to incorrectly escape data passed into the script block, potentially leading to cross-site scripting (XSS). An attacker could leverage this to execute arbitrary client-side scripts in a user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39826"
},
{
"category": "external",
"summary": "RHBZ#2467826",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467826"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39826",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"category": "external",
"summary": "https://go.dev/cl/771180",
"url": "https://go.dev/cl/771180"
},
{
"category": "external",
"summary": "https://go.dev/issue/78981",
"url": "https://go.dev/issue/78981"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4980",
"url": "https://pkg.go.dev/vuln/GO-2026-4980"
}
],
"release_date": "2026-05-07T19:41:19.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-site scripting due to incorrect script tag escaping"
},
{
"cve": "CVE-2026-42507",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2026-06-02T23:01:03.125126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484205"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead to confusion or misinterpretation of critical system information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42507"
},
{
"category": "external",
"summary": "RHBZ#2484205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42507",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42507"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507"
},
{
"category": "external",
"summary": "https://go.dev/cl/777060",
"url": "https://go.dev/cl/777060"
},
{
"category": "external",
"summary": "https://go.dev/issue/79346",
"url": "https://go.dev/issue/79346"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5039",
"url": "https://pkg.go.dev/vuln/GO-2026-5039"
}
],
"release_date": "2026-06-02T22:01:37.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: golang: Golang net/textproto: Misleading error messages via input injection"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-46595",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-22T04:01:52.215134+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the CVE-2024-45337 fix.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/crypto/ssh is vulnerable to authorization bypass when SSH server configurations rely on source-address validation alongside non-public-key authentication callbacks. An attacker with low privileges who can authenticate through such a callback path may bypass intended source-address restrictions and gain unauthorized SSH access. Red Hat impact sits in services built with affected x/crypto/ssh, including RHEL golang streams, hummingbird Go toolchains, RHACM/MCE agents, and OpenShift or Ceph components that embed Go SSH servers with mixed callback types.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "RHBZ#2480689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46595"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"category": "external",
"summary": "https://go.dev/cl/781642",
"url": "https://go.dev/cl/781642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79570",
"url": "https://go.dev/issue/79570"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5023",
"url": "https://pkg.go.dev/vuln/GO-2026-5023"
}
],
"release_date": "2026-05-22T02:31:27.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T12:43:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/crypto/ssh release via updated golang or package rebuilds. Ensure SSH servers use supported public-key callback configurations with source-address validation as intended.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation"
}
]
}
RHSA-2026:33120
Vulnerability from csaf_redhat - Published: 2026-06-29 14:23 - Updated: 2026-07-02 13:40
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.13\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.13, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* CVE-2026-39820 openshift-golang-builder-container: Go net/mail: Denial of Service via crafted email inputs (OSSM-14269)\n* CVE-2026-42499 openshift-golang-builder-container: net/mail: Denial of Service via pathological email address parsing (OSSM-14500)\n* CVE-2026-33814 openshift-golang-builder-container: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame (OSSM-14548)\n* CVE-2026-33811 openshift-golang-builder-container: Go net package: Denial of Service via long CNAME response in LookupCNAME (OSSM-14564)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33120",
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33120.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.13",
"tracking": {
"current_release_date": "2026-07-02T13:40:56+00:00",
"generator": {
"date": "2026-07-02T13:40:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33120",
"initial_release_date": "2026-06-29T14:23:25+00:00",
"revision_history": [
{
"date": "2026-06-29T14:23:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T14:23:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:40:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1782301456"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Abb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Af473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223341"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782296193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1782223469"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ab994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ae71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aa1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223341"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782296193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1782223469"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aa6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223341"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782296193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1782223469"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782222217"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Abdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782223341"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ae24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782296193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9\u0026tag=1782223469"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:23:25+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:23:25+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:42493d19383ead956b26476cc20dfa6c328bbdb5a4f40ba5be32f8f87ede33d4_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4d80beaa628f568236255e1970ffcfff668ee23faf97f532e881b0025f98111d_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b994454b076fda08a36d4d949545d6d80229c9345a00f59d04ccbab41ef54066_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:bb734ae567ad77fd92f44c3d226055055a8c990b8123db23386149f418e68f04_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:30e125ba97b545946ce958d62acfa95a095baecae5dfa80a44617a44e22633e8_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a1c134048c73b0ba902974f0515938902de93b0c3b32f0cc91fb8a6f45706629_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:bdf16979b6650d9016b07c0dfab4b75e727234755a7c0d9beb1230c98d313dff_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f473fa7b227648c66af6f54c728d8b42af3ceb1dcfca21c295f2e2af36dd31b7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:138e739ebd61c7b1b47f0056d7b9a889a6368529e7fca3cb755c7b40be65df2c_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:5d92ddc988d165e8e2b66e017a8cbd1ac1ee7fc91caaacec62bfcedce1c3f2b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:919e44a19dafe3670f6431be3aa01bf7bfebfdeacac5c3882cd9c8e2e4905516_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:e24864eb5b3285151c6a59f9f35a097467458ff21f0831be5178d3f74910b822_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:38ca5e774bac8287a27dc4af5b4f015fa1a3e2bcc1618c97e642a5ff4ab66982_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6d607b4aac9562b1401b33c9dc4d496ec13c75d765bf426e11bcf4fa5769a056_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70dc18e5444c2ebc7c0b77740d0083de9d4e139f45e59292ae1edd48a518d8af_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1644b7694bf252a2e220773f811e5ae7f83c2c0c1885ff7c3a2f471cab33ed1_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:5fdcc9c7b6ff9b4b099713c4d549128c12b335fb0c28154f631ba3e9f99c8f52_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c1e04b361c355bb1d5f44a57dc041158eef59eb83f831a4d6413b00298af79d2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:c77f3dcf9aef74e532505742c538ae46e3eb569cd72398736d476dba197aa1ed_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:ec5f07a3b10e44e9300eb7d62cfc0d1d31833ab72c12f5815ff0542b81624b7c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0dbe0cdb02314a8a78dca02557441f9b99ab3bcd93157c17dbbb81f5cbc8eb81_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:a6f4f1a5fa8fa84fd7850e17dfbe1837ea35fe636385f3dfcd63a3ecb975b410_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e71fa71c7203561946e9f0038eaad69957c9717b34abc60fcd4044e1f64417b3_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ee26949de4dce15bc35847d8f361c507fb852d9f006eaabd07a344f3c56856f9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:19ead4f64970ea27823756dd4e0e55215c8787c4d5d923cde8e4c8345dc013c5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
],
"known_not_affected": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:23:25+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
],
"known_not_affected": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:23:25+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.13 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33120"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
}
]
}
RHSA-2026:33123
Vulnerability from csaf_redhat - Published: 2026-06-29 14:40 - Updated: 2026-07-02 13:40
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.1.10\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.1.10, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* CVE-2026-39820 openshift-golang-builder-container: Go net/mail: Denial of Service via crafted email inputs (OSSM-14266)\n* CVE-2026-42499 openshift-golang-builder-container: net/mail: Denial of Service via pathological email address parsing (OSSM-14501)\n* CVE-2026-33814 openshift-golang-builder-container: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame (OSSM-14549)\n* CVE-2026-33811 openshift-golang-builder-container: Go net package: Denial of Service via long CNAME response in LookupCNAME (OSSM-14562)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33123",
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33123.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.10",
"tracking": {
"current_release_date": "2026-07-02T13:40:56+00:00",
"generator": {
"date": "2026-07-02T13:40:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33123",
"initial_release_date": "2026-06-29T14:40:31+00:00",
"revision_history": [
{
"date": "2026-06-29T14:40:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T14:40:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:40:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:40:31+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:40:31+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:40:31+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:40:31+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.10 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:2213bdf2e395c942887e916b0604dd177f3c7b25919a8fa6c4ea2246b33087ca_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:3720b37fb6276ee8ebb7eacf59caa30e303a36a757146933c778ef66829a6d27_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:a09a41cc17d7d83ceea7eb1f4761194e302fbef0325ad05f5f341535e00ac6a0_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:ce2f97fff855fe6a546e7015f81e30f5fc20b6cd59aa5ab3703f1ffbd89de276_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04babebfba688f27d328a068ab6400442a1c059961483ebef56e96af7f094ae6_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1718f2b90cf50dd2b4d3162f29d19ae82efecacee33c9e5583251acae57e389f_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5b60802e90debcd63790368760a2283ac2c874eb18b3c270df53ab71d907ec1c_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9ed06b503616ee74cc30fcec3793c4f6ab080d0132237175734c1a83f220b837_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0300747fe88b9256e01f3830c8ddf9b3583fc6911dabb1063f395c05b81b19e9_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2c6db06b9ea300fd25473da01aa7ccd4768ef7966a55d96091727145839db03e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:99b40adc7b0cdab81288fecedce9a71aa98e49163cd665e2f951db9ab2cfa8bd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c2afde700f563fde9412de96b31ec90edd4677ef2d7c8934ce2f8e91cdceca71_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:40efc5f922847ee8272c66934730e638ff4216708e304e37d166e172ade10255_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7b57f5b93ad04fa8d55d652e9b0cca942d80bd0bd0d29f6da1325608d2476bb5_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:a6eda970e4a56fc34858e356671cb4e2defaa2bc8f4ddeb93a8e7c3ec9bbce19_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:de940211055c70dd42db84044096345fa0b8e49ecaa968586ce54b90c9ede4f6_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:370f34f3ffdf2508cf14cc6e05764b28c2407899c413f288ed3627aa8bf48810_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7ebb308e017b844f85ba952aaac5fec604ff88104249598e2b1c2025428ef425_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8ab1314ba3c45788ef412d7f2fb2fc4c3de9ab3b9f91be9d9a84db4649cf6ad3_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b6569533c9414806ff1dc7011a88ff8162f31c16466d5aeab8991ff1f48e4a87_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:10ecb4096705a66cba0a6994b52abb04e404f1eeb2f262663de053efe5735068_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:77b4cba5e3affb9261f58a0b86daf2e17d7fa3a9420886b08e5a8cf8da40d1cc_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9721a32e358596f67ec05736862a7cf929ae9a2593318fe7e5cb5e63ecbb8d68_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:d613f9f4b1584e28cfe729e069fb768b447091db285a98ee9c6833fb0573d566_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:0666c45bb1d292fa1170bd7640ba1e982c70f9cf4caeedd97ee9de22dbc16dfd_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
}
]
}
RHSA-2026:33142
Vulnerability from csaf_redhat - Published: 2026-06-29 14:56 - Updated: 2026-07-02 13:40

A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.2.7\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.2.7, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\nSecurity Fix(es):\n\n* CVE-2026-39820 openshift-golang-builder-container: Go net/mail: Denial of Service via crafted email inputs (OSSM-14267)\n* CVE-2026-33814 openshift-golang-builder-container: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame (OSSM-14551)\n* CVE-2026-42499 openshift-golang-builder-container: net/mail: Denial of Service via pathological email address parsing (OSSM-14499)\n* CVE-2026-33811 openshift-golang-builder-container: Go net package: Denial of Service via long CNAME response in LookupCNAME (OSSM-14566)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33142",
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33142.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.7",
"tracking": {
"current_release_date": "2026-07-02T13:40:56+00:00",
"generator": {
"date": "2026-07-02T13:40:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33142",
"initial_release_date": "2026-06-29T14:56:08+00:00",
"revision_history": [
{
"date": "2026-06-29T14:56:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T14:56:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:40:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Acbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1782310795"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782226178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ac489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782225149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782224541"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782224487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782303211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782225516"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782226178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782225149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Afc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782224541"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782224487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782303211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Af91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782225516"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ae846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782226178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782225149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782224541"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782224487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782303211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ae4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782225516"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Addbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782226178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782225149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782224541"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782224487"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782303211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Afab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782225516"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:56:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:56:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:532913386d1d87491af0103aaa5864f7a6c49b1102b797d3ee1abf9fdd30f6af_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:654aaa8fed47874eab09983497f3e8ca68c585f1d571b7cb16e74456d0507a1b_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7c8176fdbaa174d3e63d19a1b3ff87265b933222001b93e48c727b803e57cf65_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:c489a0307f63b00c751076a2094965e6abb4156ab699fe6f7a3cacba4a21584c_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cbd159ca7efa82158770d4d2c77ef594f3abe09eb15af211af310183b70e0b39_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:3e87bd8143a3c855ff49c81de4659f1543778ba14c84cde5be25c266ad9f662a_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:e4112975c38998a87442a638362137ae09e1d37ff5223646c0e1b5d0fa23f35b_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f91bcf707e6e9124f82b85349909a34b95feacaa429b9b7c56e78c391f87211d_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:fab818bf0fb122eddbf2180491168661a70c709f6aaaaf3fac78595d0cc0a13e_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:56:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:6361c72a416f9c526cb8bd5302a09576ecb42783b5463373b4e1a156a853e7c7_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:9f1288a84d733a35b614799b089d7387eb531d93a74a6c3c000050f25c02e118_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:ddbadeeccbdf5d5790fe0b0d1f73c20a076c78abf4a3b772cb3a659da1cb498e_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e846c7a3249d9adde4fe726ea014a9baeda40ac77682956d2eb7a7d0b98d44b2_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:2c856d274a80d96a0baf6637fb8d80de3c8ab4b33e81dd0010f8ba2322dde6e2_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:52faa002893296c093bb9a54b83fdb32e0ff51bbec06cea798eb90fe6c3ef248_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:61a9860dfcda26edb8b93c43f21c9e02e2d3cd77b38796be02757df310bb8ac5_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:76b3c3919d3568cc0d89f7c856ed8a2375e30a31d7a951b9f314c13b832b1f7d_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:009aeda3bde6e5594ba93e4fbf40c6016847e7b43662a6116a27525a3156053e_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:11c730544a9bb63c8904584852b72258e72d27490f7e3d81563de58472dda1a9_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:ad1307ea51df6499586f5bca6f199eba0ed210c0c92cb956dc369c260bc2365f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d7701c740d3dfd0a09779d16959d6f152f833e0412e596b814a1aa59fe786375_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4daa21ee08d85e5e730e2b58505921432b0dea68d9070657c0056dad1a811cad_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:70b467c190151f56fb06e8f1dcf310df9df814c7385bcfd445f7fba632a67a02_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e2631180cdd17b45eada7b7bc819a11820c579e99f752591ba436738cbc68e65_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fc1ade41eb326612cfb20663acc42544138b26aa139b0c34672f7a41913ab772_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
],
"known_not_affected": [
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T14:56:08+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.7 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33142"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
}
]
}
RHSA-2026:33150
Vulnerability from csaf_redhat - Published: 2026-06-29 15:29 - Updated: 2026-07-02 13:40
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le | — |
Workaround
|
A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.3.5\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.3.5, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* CVE-2026-39820 openshift-golang-builder-container: Go net/mail: Denial of Service via crafted email inputs (OSSM-14270)\n* CVE-2026-42499 openshift-golang-builder-container: net/mail: Denial of Service via pathological email address parsing (OSSM-14502)\n* CVE-2026-33814 openshift-golang-builder-container: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame (OSSM-14547)\n* CVE-2026-33811 openshift-golang-builder-container: Go net package: Denial of Service via long CNAME response in LookupCNAME (OSSM-14565)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33150",
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33814",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33150.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.5",
"tracking": {
"current_release_date": "2026-07-02T13:40:57+00:00",
"generator": {
"date": "2026-07-02T13:40:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33150",
"initial_release_date": "2026-06-29T15:29:11+00:00",
"revision_history": [
{
"date": "2026-06-29T15:29:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T15:29:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:40:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Ae5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle\u0026tag=1782315701"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ac4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782223045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222206"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222038"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782222366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782310747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782222723"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ab49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782223045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222206"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222038"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ad7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782222366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ab526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782310747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782222723"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782223045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222206"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222038"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782222366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782310747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Af26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782222723"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel9\u0026tag=1782223045"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1782222206"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel9-operator\u0026tag=1782222038"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ab8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9\u0026tag=1782222366"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9\u0026tag=1782310747"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9\u0026tag=1782222723"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64 as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le as a component of Red Hat OpenShift Service Mesh 3.3",
"product_id": "Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:29:11+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-33814",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:11.324941+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HTTP/2 protocol implementation within the Go standard library (golang.org/x/net and net/http/internal/http2). A remote attacker can exploit this vulnerability by sending a specially crafted HTTP/2 SETTINGS frame with the SETTINGS_MAX_FRAME_SIZE parameter set to zero. This malicious frame causes the transport layer to enter an infinite loop of writing CONTINUATION frames, leading to resource exhaustion and a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in the Go HTTP/2 protocol implementation allows a remote, unauthenticated attacker to exhaust system resources. By sending a specially crafted HTTP/2 SETTINGS frame with a zero-value SETTINGS_MAX_FRAME_SIZE, the vulnerable Go library enters an infinite loop, impacting the availability of services utilizing HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "RHBZ#2467815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33814",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"category": "external",
"summary": "https://go.dev/cl/761581",
"url": "https://go.dev/cl/761581"
},
{
"category": "external",
"summary": "https://go.dev/cl/761640",
"url": "https://go.dev/cl/761640"
},
{
"category": "external",
"summary": "https://go.dev/issue/78476",
"url": "https://go.dev/issue/78476"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4918",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
}
],
"release_date": "2026-05-07T19:41:17.631000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:29:11+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:29:11+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:29:11+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.3.5 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.3",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33150"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:33b95627674ae3c2c861b608ed1774eebf0fb935ac68252607a47f85d08b2e9e_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:80ec849e60eea36fac738606f21f7913b58c73adad65ea90f28c85322825d834_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:b49f1a001e39eda43e5663f883497795115033e4f9244ddfe2eb0157c108f8e4_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:c4540d0958efbefb455276b66e2eefc857c0a081f62ae5d2fedaca4194b54af5_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:2782bb9a9ef969484a11457d74cf601c269b40ee04443c9971dce2f3991f8f84_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:45bcc823540a2b4a733d5e62d21add913355757eb9fe7e98c3c0abe367ff0fce_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:500bdbe8258d40029f4b01cb59db71a631cd334601ba9398ac66b68fe13e7202_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:84ad0a9408aa3f3aafb2ee2cae236cba9099a348df038c70f4bc2612d752c21b_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:92457a690fbc08e28e12fd27a9496eb96d7ebaeb2d020c37b85aa6b9e4c118b0_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8296fd78c18bd81fb337551e3535a89ddef292673bb96e3aa7ea7934ebc8f04_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d7af5398b0e60a6531627a2a58bde371e83448eed320a7965904a574d8e0b085_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:ef1aecb6e0f4e3adb6e402dd6c9ad67fbc1a2788f1e5beb6ccae325428780018_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:19b2d80d3968aa8dd004a5928b43ef741e62c1f5991923ac9d0e6a529264205c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9f5b9a1c78a9c66f4f1234b1dc5d5c607b08ca376a7fe5189ba30e3552797435_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a6f021e3e71117be6d033874e5c84bca7e13beed284259bf2398e36759740e13_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:b526221d3897f33a9bf621c0f73d772d2982856b70bcbda107cf1a644b30562e_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:16e423afb75103bd669214d1b1290a518ce5fb6c892dec4146720bbcf83baa73_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:67d00b75ead6bae7ff671f10446f292a5db5437ff99e4d59635330de8ab7002c_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ca2402ccdb16d77237bd8e60553dcac65f8345d70b5b20815039f954543713d7_ppc64le",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:ed825173015eac1018f157365defbac336f4d791ca5133e992abd17c9f153c67_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:e5045fa856fea16678dde8489381e393028a79dd23b2d479ada0396248eec546_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:402493b3158a8bb9e3fd173ebd101c404a68c7a07e5176a9b70fa3e7ee9c1187_s390x",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:6a851b3cd3c201a1e2a8ddea7c21fc1c7d5845fe73c0ca5b902a72a1585d2132_amd64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c15c43a0719287a27aa75e3391e4e1fb96c1aa69e2982b34a0a98f99d23b6fd9_arm64",
"Red Hat OpenShift Service Mesh 3.3:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:f26bf9d900f0682660af10575c78fbb6aa7cf7bb8287f8aef4461e5add63409c_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.