RHSA-2022:1276
Vulnerability from csaf_redhat
Published
2022-04-07 18:02
Modified
2025-03-30 13:47
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.0.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)
* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)
* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)
* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)
* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)
* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)
* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Service Mesh 2.0.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)\n\n* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)\n\n* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)\n\n* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)\n\n* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)\n\n* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)\n\n* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:1276", url: "https://access.redhat.com/errata/RHSA-2022:1276", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1913333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", }, { category: "external", summary: "1913338", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", }, { category: "external", summary: "1921650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1921650", }, { category: "external", summary: "1954368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", }, { category: "external", summary: "1992006", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1992006", }, { category: "external", summary: "1995656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1995656", }, { category: "external", summary: "1999784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999784", }, { category: "external", summary: "2030787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030787", }, { category: "external", summary: "2050744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050744", }, { category: "external", summary: "2050746", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050746", }, { category: "external", summary: "2050748", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050748", }, { category: "external", summary: "2050753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050753", }, { category: "external", summary: "2050757", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050757", }, { category: "external", summary: "2050758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050758", }, { category: "external", summary: "2057277", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2057277", }, { category: "external", summary: "2061638", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061638", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1276.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update", tracking: { current_release_date: "2025-03-30T13:47:45+00:00", generator: { date: "2025-03-30T13:47:45+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2022:1276", initial_release_date: "2022-04-07T18:02:07+00:00", revision_history: [ { date: "2022-04-07T18:02:07+00:00", number: "1", summary: "Initial version", }, { date: "2022-04-07T18:02:07+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-30T13:47:45+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Service Mesh 2.0", product: { name: "OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0", product_identification_helper: { cpe: "cpe:/a:redhat:service_mesh:2.0::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Service Mesh", }, { branches: [ { category: "product_version", name: "kiali-0:v1.24.7.redhat1-1.el8.src", product: { name: "kiali-0:v1.24.7.redhat1-1.el8.src", product_id: "kiali-0:v1.24.7.redhat1-1.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=src", }, }, }, { category: "product_version", name: "servicemesh-proxy-0:2.0.9-3.el8.src", product: { name: "servicemesh-proxy-0:2.0.9-3.el8.src", product_id: "servicemesh-proxy-0:2.0.9-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=src", }, }, }, { category: "product_version", name: "servicemesh-operator-0:2.0.9-3.el8.src", product: { name: "servicemesh-operator-0:2.0.9-3.el8.src", product_id: "servicemesh-operator-0:2.0.9-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=src", }, }, }, { category: "product_version", name: "servicemesh-0:2.0.9-3.el8.src", product: { name: "servicemesh-0:2.0.9-3.el8.src", product_id: "servicemesh-0:2.0.9-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=src", }, }, }, { category: "product_version", name: "servicemesh-prometheus-0:2.14.0-16.el8.1.src", product: { name: "servicemesh-prometheus-0:2.14.0-16.el8.1.src", product_id: "servicemesh-prometheus-0:2.14.0-16.el8.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=src", }, }, }, { category: "product_version", name: "servicemesh-cni-0:2.0.9-3.el8.src", product: { name: "servicemesh-cni-0:2.0.9-3.el8.src", product_id: "servicemesh-cni-0:2.0.9-3.el8.src", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "kiali-0:v1.24.7.redhat1-1.el8.x86_64", product: { name: "kiali-0:v1.24.7.redhat1-1.el8.x86_64", product_id: "kiali-0:v1.24.7.redhat1-1.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-proxy-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-proxy-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-proxy-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-operator-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-operator-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-operator-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-istioctl-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-istioctl-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-istioctl-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-mixc-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-mixc-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-mixc-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-mixs-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-mixs-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-mixs-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", product: { name: "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", product_id: "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=x86_64", }, }, }, { category: "product_version", name: "servicemesh-cni-0:2.0.9-3.el8.x86_64", product: { name: "servicemesh-cni-0:2.0.9-3.el8.x86_64", product_id: "servicemesh-cni-0:2.0.9-3.el8.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "kiali-0:v1.24.7.redhat1-1.el8.ppc64le", product: { name: "kiali-0:v1.24.7.redhat1-1.el8.ppc64le", product_id: "kiali-0:v1.24.7.redhat1-1.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-proxy-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-proxy-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-proxy-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-operator-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-operator-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-operator-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-mixc-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-mixc-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-mixc-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-mixs-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-mixs-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-mixs-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", product: { name: "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", product_id: "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=ppc64le", }, }, }, { category: "product_version", name: "servicemesh-cni-0:2.0.9-3.el8.ppc64le", product: { name: "servicemesh-cni-0:2.0.9-3.el8.ppc64le", product_id: "servicemesh-cni-0:2.0.9-3.el8.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "kiali-0:v1.24.7.redhat1-1.el8.s390x", product: { name: "kiali-0:v1.24.7.redhat1-1.el8.s390x", product_id: "kiali-0:v1.24.7.redhat1-1.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-proxy-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-proxy-0:2.0.9-3.el8.s390x", product_id: "servicemesh-proxy-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-operator-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-operator-0:2.0.9-3.el8.s390x", product_id: "servicemesh-operator-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-0:2.0.9-3.el8.s390x", product_id: "servicemesh-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-istioctl-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-istioctl-0:2.0.9-3.el8.s390x", product_id: "servicemesh-istioctl-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-mixc-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-mixc-0:2.0.9-3.el8.s390x", product_id: "servicemesh-mixc-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-mixs-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-mixs-0:2.0.9-3.el8.s390x", product_id: "servicemesh-mixs-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", product_id: "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", product_id: "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", product: { name: "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", product_id: "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=s390x", }, }, }, { category: "product_version", name: "servicemesh-cni-0:2.0.9-3.el8.s390x", product: { name: "servicemesh-cni-0:2.0.9-3.el8.s390x", product_id: "servicemesh-cni-0:2.0.9-3.el8.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kiali-0:v1.24.7.redhat1-1.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", }, product_reference: "kiali-0:v1.24.7.redhat1-1.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "kiali-0:v1.24.7.redhat1-1.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", }, product_reference: "kiali-0:v1.24.7.redhat1-1.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "kiali-0:v1.24.7.redhat1-1.el8.src as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", }, product_reference: "kiali-0:v1.24.7.redhat1-1.el8.src", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "kiali-0:v1.24.7.redhat1-1.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", }, product_reference: "kiali-0:v1.24.7.redhat1-1.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", }, product_reference: "servicemesh-0:2.0.9-3.el8.src", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-cni-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-cni-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-cni-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-cni-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-cni-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", }, product_reference: "servicemesh-cni-0:2.0.9-3.el8.src", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-cni-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-cni-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-istioctl-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-istioctl-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-istioctl-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-istioctl-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-mixc-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-mixc-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-mixc-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-mixc-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-mixc-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-mixc-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-mixs-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-mixs-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-mixs-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-mixs-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-mixs-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-mixs-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-operator-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-operator-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-operator-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-operator-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-operator-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", }, product_reference: "servicemesh-operator-0:2.0.9-3.el8.src", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-operator-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-operator-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", }, product_reference: "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", }, product_reference: "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-prometheus-0:2.14.0-16.el8.1.src as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", }, product_reference: "servicemesh-prometheus-0:2.14.0-16.el8.1.src", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", }, product_reference: "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-proxy-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", }, product_reference: "servicemesh-proxy-0:2.0.9-3.el8.ppc64le", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-proxy-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", }, product_reference: "servicemesh-proxy-0:2.0.9-3.el8.s390x", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-proxy-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", }, product_reference: "servicemesh-proxy-0:2.0.9-3.el8.src", relates_to_product_reference: "8Base-OSSM-2.0", }, { category: "default_component_of", full_product_name: { name: "servicemesh-proxy-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0", product_id: "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", }, product_reference: "servicemesh-proxy-0:2.0.9-3.el8.x86_64", relates_to_product_reference: "8Base-OSSM-2.0", }, ], }, vulnerabilities: [ { cve: "CVE-2020-28851", cwe: { id: "CWE-129", name: "Improper Validation of Array Index", }, discovery_date: "2021-01-06T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1913333", }, ], notes: [ { category: "description", text: "A flaw was found in golang.org. In x/text, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.", title: "Vulnerability description", }, { category: "summary", text: "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension", title: "Vulnerability summary", }, { category: "other", text: "Below Red Hat products include the affected version of 'golang.org/x/text', however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, 'golang.org/x/text/language' , the installer, baremetal installer and thanos container images. All other components that include a version of 'golang.org/x/text' do not include the 'language' package and are therefore not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-28851", }, { category: "external", summary: "RHBZ#1913333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-28851", url: "https://www.cve.org/CVERecord?id=CVE-2020-28851", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-28851", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-28851", }, ], release_date: "2021-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension", }, { cve: "CVE-2020-28852", cwe: { id: "CWE-129", name: "Improper Validation of Array Index", }, discovery_date: "2021-01-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1913338", }, ], notes: [ { category: "description", text: "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.", title: "Vulnerability description", }, { category: "summary", text: "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag", title: "Vulnerability summary", }, { category: "other", text: "Below Red Hat products include the affected version of 'golang.org/x/text', however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, 'golang.org/x/text/language' , the installer, baremetal installer and thanos container images. All other components that include a version of 'golang.org/x/text' do not include the 'language' package and are therefore not affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-28852", }, { category: "external", summary: "RHBZ#1913338", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-28852", url: "https://www.cve.org/CVERecord?id=CVE-2020-28852", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-28852", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-28852", }, ], release_date: "2021-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag", }, { cve: "CVE-2021-3121", cwe: { id: "CWE-129", name: "Improper Validation of Array Index", }, discovery_date: "2021-01-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1921650", }, ], notes: [ { category: "description", text: "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.", title: "Vulnerability description", }, { category: "summary", text: "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it's distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3121", }, { category: "external", summary: "RHBZ#1921650", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1921650", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3121", url: "https://www.cve.org/CVERecord?id=CVE-2021-3121", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3121", }, ], release_date: "2021-01-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation", }, { cve: "CVE-2021-3749", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-08-31T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1999784", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-axios: Regular expression denial of service in trim function", title: "Vulnerability summary", }, { category: "other", text: "* OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs axios. However, due to the instance being read only and behind OpenShift OAuth, the impact of this vulnerability is Low.\n\n* Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.1 and previous versions does contain a vulnerable version of nodejs axios, RHACM 2.2 on towards are not affected versions. For RHACM 2.1, due to the instance being read only and behind OAuth, the impact of this vulnerability is Low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw's impact is lower, no update will be provided at this time for STF's service-telemetry-operator-container and smart-gateway-operator-container.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-3749", }, { category: "external", summary: "RHBZ#1999784", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999784", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-3749", url: "https://www.cve.org/CVERecord?id=CVE-2021-3749", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-3749", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-3749", }, { category: "external", summary: "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929", url: "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929", }, { category: "external", summary: "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31", url: "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31", }, ], release_date: "2021-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nodejs-axios: Regular expression denial of service in trim function", }, { cve: "CVE-2021-29482", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-04-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1954368", }, ], notes: [ { category: "description", text: "A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop what could lead to denial of service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication, therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of the support, hence affected components are marked as wontfix. This may be fixed in the future.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-29482", }, { category: "external", summary: "RHBZ#1954368", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1954368", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-29482", url: "https://www.cve.org/CVERecord?id=CVE-2021-29482", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29482", }, ], release_date: "2020-08-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service", }, { cve: "CVE-2021-29923", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-08-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1992006", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-29923", }, { category: "external", summary: "RHBZ#1992006", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1992006", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-29923", url: "https://www.cve.org/CVERecord?id=CVE-2021-29923", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-29923", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29923", }, { category: "external", summary: "https://sick.codes/sick-2021-016/", url: "https://sick.codes/sick-2021-016/", }, ], release_date: "2021-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet", }, { cve: "CVE-2021-36221", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2021-08-10T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1995656", }, ], notes: [ { category: "description", text: "A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: panic due to racy read of persistConn after handler panic", title: "Vulnerability summary", }, { category: "other", text: "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-36221", }, { category: "external", summary: "RHBZ#1995656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1995656", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-36221", url: "https://www.cve.org/CVERecord?id=CVE-2021-36221", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-36221", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-36221", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk", url: "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk", }, ], release_date: "2021-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: panic due to racy read of persistConn after handler panic", }, { cve: "CVE-2021-43565", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-12-07T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030787", }, ], notes: [ { category: "description", text: "There's an input validation flaw in golang.org/x/crypto's readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang.org/x/crypto: empty plaintext packet causes panic", title: "Vulnerability summary", }, { category: "other", text: "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43565", }, { category: "external", summary: "RHBZ#2030787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030787", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43565", url: "https://www.cve.org/CVERecord?id=CVE-2021-43565", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43565", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43565", }, ], release_date: "2021-12-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang.org/x/crypto: empty plaintext packet causes panic", }, { cve: "CVE-2021-43824", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2022-02-03T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050744", }, ], notes: [ { category: "description", text: "A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a WT filter safe_regex match.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Null pointer dereference when using JWT filter safe_regex match", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43824", }, { category: "external", summary: "RHBZ#2050744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050744", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43824", url: "https://www.cve.org/CVERecord?id=CVE-2021-43824", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43824", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43824", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p", }, ], release_date: "2022-02-22T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Null pointer dereference when using JWT filter safe_regex match", }, { cve: "CVE-2021-43825", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2022-02-03T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050746", }, ], notes: [ { category: "description", text: "A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Use-after-free when response filters increase response data", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43825", }, { category: "external", summary: "RHBZ#2050746", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050746", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43825", url: "https://www.cve.org/CVERecord?id=CVE-2021-43825", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43825", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43825", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh", }, ], release_date: "2022-02-22T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Use-after-free when response filters increase response data", }, { cve: "CVE-2021-43826", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2022-02-03T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050748", }, ], notes: [ { category: "description", text: "A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Use-after-free when tunneling TCP over HTTP", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43826", }, { category: "external", summary: "RHBZ#2050748", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050748", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43826", url: "https://www.cve.org/CVERecord?id=CVE-2021-43826", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43826", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43826", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf", }, ], release_date: "2022-02-22T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Use-after-free when tunneling TCP over HTTP", }, { cve: "CVE-2022-21654", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, discovery_date: "2022-02-03T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050753", }, ], notes: [ { category: "description", text: "A flaw was found in envoy. When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21654", }, { category: "external", summary: "RHBZ#2050753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21654", url: "https://www.cve.org/CVERecord?id=CVE-2022-21654", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21654", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21654", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283", }, ], release_date: "2022-02-22T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 9.4, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation", }, { cve: "CVE-2022-21655", cwe: { id: "CWE-670", name: "Always-Incorrect Control Flow Implementation", }, discovery_date: "2022-02-03T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050757", }, ], notes: [ { category: "description", text: "A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects are routes with a direct response entry.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Incorrect handling of internal redirects to routes with a direct response entry", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21655", }, { category: "external", summary: "RHBZ#2050757", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050757", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21655", url: "https://www.cve.org/CVERecord?id=CVE-2022-21655", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21655", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21655", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg", }, ], release_date: "2022-02-22T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "envoy: Incorrect handling of internal redirects to routes with a direct response entry", }, { cve: "CVE-2022-23606", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-02-03T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2050758", }, ], notes: [ { category: "description", text: "A flaw was found in envoy. When a cluster is deleted via the Cluster Discovery Service, a stack exhaustion may occur.", title: "Vulnerability description", }, { category: "summary", text: "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23606", }, { category: "external", summary: "RHBZ#2050758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2050758", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23606", url: "https://www.cve.org/CVERecord?id=CVE-2022-23606", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23606", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23606", }, { category: "external", summary: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf", url: "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf", }, ], release_date: "2022-02-22T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service", }, { cve: "CVE-2022-23635", cwe: { id: "CWE-287", name: "Improper Authentication", }, discovery_date: "2022-02-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2057277", }, ], notes: [ { category: "description", text: "A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to isitiod, causing the control plane to crash.", title: "Vulnerability description", }, { category: "summary", text: "istio: unauthenticated control plane denial of service attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23635", }, { category: "external", summary: "RHBZ#2057277", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2057277", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23635", url: "https://www.cve.org/CVERecord?id=CVE-2022-23635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23635", }, { category: "external", summary: "https://istio.io/latest/news/security/istio-security-2022-003", url: "https://istio.io/latest/news/security/istio-security-2022-003", }, ], release_date: "2022-02-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "istio: unauthenticated control plane denial of service attack", }, { acknowledgments: [ { names: [ "Oliver Liu, John Howard and Jacob Delgado", ], organization: "Istio Product Security Working Group", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-24726", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2022-03-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2061638", }, ], notes: [ { category: "description", text: "A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "istio: Unauthenticated control plane denial of service attack due to stack exhaustion", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], known_not_affected: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24726", }, { category: "external", summary: "RHBZ#2061638", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061638", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24726", url: "https://www.cve.org/CVERecord?id=CVE-2022-24726", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24726", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24726", }, { category: "external", summary: "https://istio.io/latest/news/security/istio-security-2022-004/", url: "https://istio.io/latest/news/security/istio-security-2022-004/", }, ], release_date: "2022-03-09T20:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-04-07T18:02:07+00:00", details: "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html", product_ids: [ "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:1276", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src", "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src", "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src", "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "istio: Unauthenticated control plane denial of service attack due to stack exhaustion", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.