Action not permitted
Modal body text goes here.
cve-2021-43826
Vulnerability from cvelistv5
Published
2022-02-22 22:45
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
Crash when tunneling TCP over HTTP in Envoy
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf | Issue Tracking, Third Party Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| envoyproxy | envoy |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:09.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "envoy",
"vendor": "envoyproxy",
"versions": [
{
"status": "affected",
"version": "\u003c 1.18.6"
},
{
"status": "affected",
"version": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"status": "affected",
"version": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T22:45:22",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
}
],
"source": {
"advisory": "GHSA-cmx3-fvgf-83mf",
"discovery": "UNKNOWN"
},
"title": "Crash when tunneling TCP over HTTP in Envoy",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43826",
"STATE": "PUBLIC",
"TITLE": "Crash when tunneling TCP over HTTP in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.18.6"
},
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
}
]
},
"source": {
"advisory": "GHSA-cmx3-fvgf-83mf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43826",
"datePublished": "2022-02-22T22:45:22",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:09.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-43826\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-02-22T23:15:10.957\",\"lastModified\":\"2022-03-02T15:23:00.960\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.\"},{\"lang\":\"es\",\"value\":\"Envoy es un proxy de borde y servicio de c\u00f3digo abierto, dise\u00f1ado para aplicaciones nativas de la nube. En las versiones afectadas de Envoy se produce un bloqueo cuando es configurada para :ref:\\\"upstream tunneling (envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config)\\\" y la conexi\u00f3n de bajada es desconectada mientras sigue estableciendo la conexi\u00f3n de subida o el flujo http/2. No se presentan medidas de mitigaci\u00f3n para este problema. Es recomendado a usuarios actualizar\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.6\",\"matchCriteriaId\":\"0EFC93D0-C206-417C-81D0-F18145E3D768\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.19.0\",\"versionEndExcluding\":\"1.19.3\",\"matchCriteriaId\":\"2812AC62-44B5-4077-862D-A221CD88981D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.20.0\",\"versionEndExcluding\":\"1.20.2\",\"matchCriteriaId\":\"F5441B2D-F807-4ED9-AFB9-ED4DE07CE5F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.1\",\"matchCriteriaId\":\"83895D03-DAD1-4893-8A1C-F9143DEEC172\"}]}]}],\"references\":[{\"url\":\"https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}"
}
}
wid-sec-w-2022-0970
Vulnerability from csaf_certbund
Published
2022-04-07 22:00
Modified
2024-05-21 22:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0970 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0970.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0970 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0970"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:4668 vom 2022-05-19",
"url": "https://access.redhat.com/errata/RHSA-2022:4668"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-04-07",
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2022-04-07",
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:1679 vom 2022-05-10",
"url": "https://access.redhat.com/errata/RHSA-2022:1679"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-9362 vom 2022-05-09",
"url": "https://linux.oracle.com/errata/ELSA-2022-9362.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202208-02 vom 2022-08-09",
"url": "https://security.gentoo.org/glsa/202208-02"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7129 vom 2022-10-26",
"url": "https://linux.oracle.com/errata/ELSA-2022-7129.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7129 vom 2022-10-25",
"url": "https://access.redhat.com/errata/RHSA-2022:7129"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7457 vom 2022-11-08",
"url": "https://access.redhat.com/errata/RHSA-2022:7457"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7954 vom 2022-11-15",
"url": "https://access.redhat.com/errata/RHSA-2022:7954"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2303 vom 2023-10-20",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2303.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2944 vom 2024-05-21",
"url": "https://access.redhat.com/errata/RHSA-2024:2944"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-21T22:00:00.000+00:00",
"generator": {
"date": "2024-05-22T08:37:47.134+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-0970",
"initial_release_date": "2022-04-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-04-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-05-10T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-08-09T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2022-10-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2022-11-08T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-19T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Container Platform 4",
"product": {
"name": "Red Hat OpenShift Container Platform 4",
"product_id": "T022509",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4"
}
}
},
{
"category": "product_version_range",
"name": "Service Mesh \u003c2.1.2",
"product": {
"name": "Red Hat OpenShift Service Mesh \u003c2.1.2",
"product_id": "T022580",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh__2.1.2"
}
}
},
{
"category": "product_version_range",
"name": "Service Mesh \u003c2.0.9",
"product": {
"name": "Red Hat OpenShift Service Mesh \u003c2.0.9",
"product_id": "T022581",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:service_mesh__2.0.9"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28851",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2020-28851"
},
{
"cve": "CVE-2020-28852",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2020-28852"
},
{
"cve": "CVE-2021-29482",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-29482"
},
{
"cve": "CVE-2021-29923",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-29923"
},
{
"cve": "CVE-2021-3121",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-3121"
},
{
"cve": "CVE-2021-36221",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-3749",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-3749"
},
{
"cve": "CVE-2021-43565",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-43565"
},
{
"cve": "CVE-2021-43824",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-43824"
},
{
"cve": "CVE-2021-43825",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-43825"
},
{
"cve": "CVE-2021-43826",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2021-43826"
},
{
"cve": "CVE-2022-21654",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2022-21654"
},
{
"cve": "CVE-2022-21655",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2022-21655"
},
{
"cve": "CVE-2022-23606",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2022-23606"
},
{
"cve": "CVE-2022-23635",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2022-23635"
},
{
"cve": "CVE-2022-24726",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten envoy, golang, github.com/gogo/protobuf, Node.js Axios und github.com/ulikunitz/xz. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"67646",
"398363",
"T012167",
"T004914",
"T022509"
]
},
"release_date": "2022-04-07T22:00:00Z",
"title": "CVE-2022-24726"
}
]
}
var-202202-1615
Vulnerability from variot
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config> and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade. Envoy Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. No detailed vulnerability details are currently available. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat OpenShift Service Mesh 2.0.9 security update Advisory ID: RHSA-2022:1276-01 Product: Red Hat OpenShift Service Mesh Advisory URL: https://access.redhat.com/errata/RHSA-2022:1276 Issue date: 2022-04-07 CVE Names: CVE-2020-28851 CVE-2020-28852 CVE-2021-3121 CVE-2021-3749 CVE-2021-29482 CVE-2021-29923 CVE-2021-36221 CVE-2021-43565 CVE-2021-43824 CVE-2021-43825 CVE-2021-43826 CVE-2022-21654 CVE-2022-21655 CVE-2022-23606 CVE-2022-23635 CVE-2022-24726 =====================================================================
- Summary:
Red Hat OpenShift Service Mesh 2.0.9.
Red Hat Product Security has rated this update as having a security impact of Important.
- Relevant releases/architectures:
2.0 - ppc64le, s390x, x86_64
- Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)
-
envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)
-
istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing
-
-u- extension (CVE-2020-28851)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
-
nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
-
ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
-
golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
-
golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)
-
envoy: Use-after-free when response filters increase response data (CVE-2021-43825)
-
envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)
-
envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)
-
istio: unauthenticated control plane denial of service attack (CVE-2022-23635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
The OpenShift Service Mesh release notes provide information on the features and known issues:
https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html
- Bugs fixed (https://bugzilla.redhat.com/):
1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2050744 - CVE-2021-43824 envoy: Null pointer dereference when using JWT filter safe_regex match 2050746 - CVE-2021-43825 envoy: Use-after-free when response filters increase response data 2050748 - CVE-2021-43826 envoy: Use-after-free when tunneling TCP over HTTP 2050753 - CVE-2022-21654 envoy: Incorrect configuration handling allows mTLS session re-use without re-validation 2050757 - CVE-2022-21655 envoy: Incorrect handling of internal redirects to routes with a direct response entry 2050758 - CVE-2022-23606 envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service 2057277 - CVE-2022-23635 istio: unauthenticated control plane denial of service attack 2061638 - CVE-2022-24726 istio: Unauthenticated control plane denial of service attack due to stack exhaustion
- Package List:
2.0:
Source: kiali-v1.24.7.redhat1-1.el8.src.rpm servicemesh-2.0.9-3.el8.src.rpm servicemesh-cni-2.0.9-3.el8.src.rpm servicemesh-operator-2.0.9-3.el8.src.rpm servicemesh-prometheus-2.14.0-16.el8.1.src.rpm servicemesh-proxy-2.0.9-3.el8.src.rpm
ppc64le: kiali-v1.24.7.redhat1-1.el8.ppc64le.rpm servicemesh-2.0.9-3.el8.ppc64le.rpm servicemesh-cni-2.0.9-3.el8.ppc64le.rpm servicemesh-istioctl-2.0.9-3.el8.ppc64le.rpm servicemesh-mixc-2.0.9-3.el8.ppc64le.rpm servicemesh-mixs-2.0.9-3.el8.ppc64le.rpm servicemesh-operator-2.0.9-3.el8.ppc64le.rpm servicemesh-pilot-agent-2.0.9-3.el8.ppc64le.rpm servicemesh-pilot-discovery-2.0.9-3.el8.ppc64le.rpm servicemesh-prometheus-2.14.0-16.el8.1.ppc64le.rpm servicemesh-proxy-2.0.9-3.el8.ppc64le.rpm
s390x: kiali-v1.24.7.redhat1-1.el8.s390x.rpm servicemesh-2.0.9-3.el8.s390x.rpm servicemesh-cni-2.0.9-3.el8.s390x.rpm servicemesh-istioctl-2.0.9-3.el8.s390x.rpm servicemesh-mixc-2.0.9-3.el8.s390x.rpm servicemesh-mixs-2.0.9-3.el8.s390x.rpm servicemesh-operator-2.0.9-3.el8.s390x.rpm servicemesh-pilot-agent-2.0.9-3.el8.s390x.rpm servicemesh-pilot-discovery-2.0.9-3.el8.s390x.rpm servicemesh-prometheus-2.14.0-16.el8.1.s390x.rpm servicemesh-proxy-2.0.9-3.el8.s390x.rpm
x86_64: kiali-v1.24.7.redhat1-1.el8.x86_64.rpm servicemesh-2.0.9-3.el8.x86_64.rpm servicemesh-cni-2.0.9-3.el8.x86_64.rpm servicemesh-istioctl-2.0.9-3.el8.x86_64.rpm servicemesh-mixc-2.0.9-3.el8.x86_64.rpm servicemesh-mixs-2.0.9-3.el8.x86_64.rpm servicemesh-operator-2.0.9-3.el8.x86_64.rpm servicemesh-pilot-agent-2.0.9-3.el8.x86_64.rpm servicemesh-pilot-discovery-2.0.9-3.el8.x86_64.rpm servicemesh-prometheus-2.14.0-16.el8.1.x86_64.rpm servicemesh-proxy-2.0.9-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. References:
https://access.redhat.com/security/cve/CVE-2020-28851 https://access.redhat.com/security/cve/CVE-2020-28852 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-29482 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-36221 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2021-43824 https://access.redhat.com/security/cve/CVE-2021-43825 https://access.redhat.com/security/cve/CVE-2021-43826 https://access.redhat.com/security/cve/CVE-2022-21654 https://access.redhat.com/security/cve/CVE-2022-21655 https://access.redhat.com/security/cve/CVE-2022-23606 https://access.redhat.com/security/cve/CVE-2022-23635 https://access.redhat.com/security/cve/CVE-2022-24726 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYk9i6NzjgjWX9erEAQjAEhAAmnMX+Vmxv+BfSR/1KoiT5lCYoO0yCwR3 L2bDIAzohd4RaxbTxTRGGg0ibXB22Helse0hfroV/ZVQDhEcVg07QDwB7bdHknz6 hD1YtqBPLY93Vt2bvUq3XQNpv/hcxK9zngW0j4IeB4kRb0TbIz41yb+0SAKHmHqG KkcyqHeUvh/N02Rp4Ylk+B+Rcjfwwu3KJToUl+YwoajitIiu7np7qkftQ5s+uO2u nuxXdSm67L/WiaCq+LBLJpxk7zmZVtq3kTkqiokHFlSpS9NJCMDWvhpbXG1owkiV du9kUoZYa1hAIonX/URZ7HtOgwBOfaa9Jo0vwLp1GkCZEN389mo7+SkM1A/WGsdN rPwS2pe6HNNqSORHM9aoygraBTZeYyzSTCnVIRIggDbCb8DfG+WdITIEM/Jk9UFS +WSSDbJ9oVNPZtXqImtqxT+0FKHdk9My0UWWpJci3XeV6zL7+1ApcPTib7Y0sbRi XBxeV7THZdyiNHk49xE6i96z5QJFkRL/VCgBx3CaiHVqOAv27cR3O6MrP904utyh f3zUPSYIezvUgq65D13XZTruitBd4wMDTPpCqpsBM5JzLoyObKoU/KIr7oasJkbM 5gKHsNsszEfYgaqFmkao55xHHrZLt7x+WaF6dAttUAbl6AalJmEY3C9UcHYIZlGa 8V4YhC5zIXU= =/fvC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
OSSM-1074 - Pod annotations defined in SMCP are not injected in the pods OSSM-1234 - RPM Release for Maistra 2.1.2 OSSM-303 - Control Openshift Route Creation for ingress Gateways
7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-1615",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "envoy",
"scope": "lt",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.20.2"
},
{
"model": "envoy",
"scope": "lt",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.21.1"
},
{
"model": "envoy",
"scope": "lt",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.18.6"
},
{
"model": "envoy",
"scope": "gte",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.21.0"
},
{
"model": "envoy",
"scope": "gte",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.20.0"
},
{
"model": "envoy",
"scope": "gte",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.19.0"
},
{
"model": "envoy",
"scope": "lt",
"trust": 1.0,
"vendor": "envoyproxy",
"version": "1.19.3"
},
{
"model": "envoy",
"scope": null,
"trust": 0.8,
"vendor": "envoy proxy",
"version": null
},
{
"model": "envoy",
"scope": "eq",
"trust": 0.8,
"vendor": "envoy proxy",
"version": null
},
{
"model": "envoy",
"scope": null,
"trust": 0.6,
"vendor": "envoy",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"db": "NVD",
"id": "CVE-2021-43826"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.21.1",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43826"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166643"
},
{
"db": "PACKETSTORM",
"id": "166644"
}
],
"trust": 0.2
},
"cve": "CVE-2021-43826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-43826",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-15542",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-006007",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-43826",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2021-43826",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-15542",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1764",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-43826",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"db": "VULMON",
"id": "CVE-2021-43826"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"db": "NVD",
"id": "CVE-2021-43826"
},
{
"db": "NVD",
"id": "CVE-2021-43826"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade. Envoy Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. No detailed vulnerability details are currently available. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat OpenShift Service Mesh 2.0.9 security update\nAdvisory ID: RHSA-2022:1276-01\nProduct: Red Hat OpenShift Service Mesh\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1276\nIssue date: 2022-04-07\nCVE Names: CVE-2020-28851 CVE-2020-28852 CVE-2021-3121 \n CVE-2021-3749 CVE-2021-29482 CVE-2021-29923 \n CVE-2021-36221 CVE-2021-43565 CVE-2021-43824 \n CVE-2021-43825 CVE-2021-43826 CVE-2022-21654 \n CVE-2022-21655 CVE-2022-23606 CVE-2022-23635 \n CVE-2022-24726 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Service Mesh 2.0.9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. \n\n2. Relevant releases/architectures:\n\n2.0 - ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. \n\nThis advisory covers the RPM packages for the release. \n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* envoy: Incorrect configuration handling allows mTLS session re-use\nwithout re-validation (CVE-2022-21654)\n\n* envoy: Incorrect handling of internal redirects to routes with a direct\nresponse entry (CVE-2022-21655)\n\n* istio: Unauthenticated control plane denial of service attack due to\nstack exhaustion (CVE-2022-24726)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* golang: net: incorrect parsing of extraneous zero characters at the\nbeginning of an IP address octet (CVE-2021-29923)\n\n* golang: net/http/httputil: panic due to racy read of persistConn after\nhandler panic (CVE-2021-36221)\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* envoy: Null pointer dereference when using JWT filter safe_regex match\n(CVE-2021-43824)\n\n* envoy: Use-after-free when response filters increase response data\n(CVE-2021-43825)\n\n* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)\n\n* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery\nService (CVE-2022-23606)\n\n* istio: unauthenticated control plane denial of service attack\n(CVE-2022-23635)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nThe OpenShift Service Mesh release notes provide information on the\nfeatures and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2050744 - CVE-2021-43824 envoy: Null pointer dereference when using JWT filter safe_regex match\n2050746 - CVE-2021-43825 envoy: Use-after-free when response filters increase response data\n2050748 - CVE-2021-43826 envoy: Use-after-free when tunneling TCP over HTTP\n2050753 - CVE-2022-21654 envoy: Incorrect configuration handling allows mTLS session re-use without re-validation\n2050757 - CVE-2022-21655 envoy: Incorrect handling of internal redirects to routes with a direct response entry\n2050758 - CVE-2022-23606 envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service\n2057277 - CVE-2022-23635 istio: unauthenticated control plane denial of service attack\n2061638 - CVE-2022-24726 istio: Unauthenticated control plane denial of service attack due to stack exhaustion\n\n6. Package List:\n\n2.0:\n\nSource:\nkiali-v1.24.7.redhat1-1.el8.src.rpm\nservicemesh-2.0.9-3.el8.src.rpm\nservicemesh-cni-2.0.9-3.el8.src.rpm\nservicemesh-operator-2.0.9-3.el8.src.rpm\nservicemesh-prometheus-2.14.0-16.el8.1.src.rpm\nservicemesh-proxy-2.0.9-3.el8.src.rpm\n\nppc64le:\nkiali-v1.24.7.redhat1-1.el8.ppc64le.rpm\nservicemesh-2.0.9-3.el8.ppc64le.rpm\nservicemesh-cni-2.0.9-3.el8.ppc64le.rpm\nservicemesh-istioctl-2.0.9-3.el8.ppc64le.rpm\nservicemesh-mixc-2.0.9-3.el8.ppc64le.rpm\nservicemesh-mixs-2.0.9-3.el8.ppc64le.rpm\nservicemesh-operator-2.0.9-3.el8.ppc64le.rpm\nservicemesh-pilot-agent-2.0.9-3.el8.ppc64le.rpm\nservicemesh-pilot-discovery-2.0.9-3.el8.ppc64le.rpm\nservicemesh-prometheus-2.14.0-16.el8.1.ppc64le.rpm\nservicemesh-proxy-2.0.9-3.el8.ppc64le.rpm\n\ns390x:\nkiali-v1.24.7.redhat1-1.el8.s390x.rpm\nservicemesh-2.0.9-3.el8.s390x.rpm\nservicemesh-cni-2.0.9-3.el8.s390x.rpm\nservicemesh-istioctl-2.0.9-3.el8.s390x.rpm\nservicemesh-mixc-2.0.9-3.el8.s390x.rpm\nservicemesh-mixs-2.0.9-3.el8.s390x.rpm\nservicemesh-operator-2.0.9-3.el8.s390x.rpm\nservicemesh-pilot-agent-2.0.9-3.el8.s390x.rpm\nservicemesh-pilot-discovery-2.0.9-3.el8.s390x.rpm\nservicemesh-prometheus-2.14.0-16.el8.1.s390x.rpm\nservicemesh-proxy-2.0.9-3.el8.s390x.rpm\n\nx86_64:\nkiali-v1.24.7.redhat1-1.el8.x86_64.rpm\nservicemesh-2.0.9-3.el8.x86_64.rpm\nservicemesh-cni-2.0.9-3.el8.x86_64.rpm\nservicemesh-istioctl-2.0.9-3.el8.x86_64.rpm\nservicemesh-mixc-2.0.9-3.el8.x86_64.rpm\nservicemesh-mixs-2.0.9-3.el8.x86_64.rpm\nservicemesh-operator-2.0.9-3.el8.x86_64.rpm\nservicemesh-pilot-agent-2.0.9-3.el8.x86_64.rpm\nservicemesh-pilot-discovery-2.0.9-3.el8.x86_64.rpm\nservicemesh-prometheus-2.14.0-16.el8.1.x86_64.rpm\nservicemesh-proxy-2.0.9-3.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-28851\nhttps://access.redhat.com/security/cve/CVE-2020-28852\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-29482\nhttps://access.redhat.com/security/cve/CVE-2021-29923\nhttps://access.redhat.com/security/cve/CVE-2021-36221\nhttps://access.redhat.com/security/cve/CVE-2021-43565\nhttps://access.redhat.com/security/cve/CVE-2021-43824\nhttps://access.redhat.com/security/cve/CVE-2021-43825\nhttps://access.redhat.com/security/cve/CVE-2021-43826\nhttps://access.redhat.com/security/cve/CVE-2022-21654\nhttps://access.redhat.com/security/cve/CVE-2022-21655\nhttps://access.redhat.com/security/cve/CVE-2022-23606\nhttps://access.redhat.com/security/cve/CVE-2022-23635\nhttps://access.redhat.com/security/cve/CVE-2022-24726\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYk9i6NzjgjWX9erEAQjAEhAAmnMX+Vmxv+BfSR/1KoiT5lCYoO0yCwR3\nL2bDIAzohd4RaxbTxTRGGg0ibXB22Helse0hfroV/ZVQDhEcVg07QDwB7bdHknz6\nhD1YtqBPLY93Vt2bvUq3XQNpv/hcxK9zngW0j4IeB4kRb0TbIz41yb+0SAKHmHqG\nKkcyqHeUvh/N02Rp4Ylk+B+Rcjfwwu3KJToUl+YwoajitIiu7np7qkftQ5s+uO2u\nnuxXdSm67L/WiaCq+LBLJpxk7zmZVtq3kTkqiokHFlSpS9NJCMDWvhpbXG1owkiV\ndu9kUoZYa1hAIonX/URZ7HtOgwBOfaa9Jo0vwLp1GkCZEN389mo7+SkM1A/WGsdN\nrPwS2pe6HNNqSORHM9aoygraBTZeYyzSTCnVIRIggDbCb8DfG+WdITIEM/Jk9UFS\n+WSSDbJ9oVNPZtXqImtqxT+0FKHdk9My0UWWpJci3XeV6zL7+1ApcPTib7Y0sbRi\nXBxeV7THZdyiNHk49xE6i96z5QJFkRL/VCgBx3CaiHVqOAv27cR3O6MrP904utyh\nf3zUPSYIezvUgq65D13XZTruitBd4wMDTPpCqpsBM5JzLoyObKoU/KIr7oasJkbM\n5gKHsNsszEfYgaqFmkao55xHHrZLt7x+WaF6dAttUAbl6AalJmEY3C9UcHYIZlGa\n8V4YhC5zIXU=\n=/fvC\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1074 - Pod annotations defined in SMCP are not injected in the pods\nOSSM-1234 - RPM Release for Maistra 2.1.2\nOSSM-303 - Control Openshift Route Creation for ingress Gateways\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43826"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"db": "VULMON",
"id": "CVE-2021-43826"
},
{
"db": "PACKETSTORM",
"id": "166643"
},
{
"db": "PACKETSTORM",
"id": "166644"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43826",
"trust": 4.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006007",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166644",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-15542",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1505",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1764",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166643",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"db": "VULMON",
"id": "CVE-2021-43826"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"db": "PACKETSTORM",
"id": "166643"
},
{
"db": "PACKETSTORM",
"id": "166644"
},
{
"db": "NVD",
"id": "CVE-2021-43826"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
]
},
"id": "VAR-202202-1615",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-15542"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-15542"
}
]
},
"last_update_date": "2023-12-18T11:07:31.990000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Use-after-free\u00a0when\u00a0tunneling\u00a0TCP\u00a0over\u00a0HTTP,\u00a0if\u00a0downstream\u00a0disconnects\u00a0during\u00a0upstream\u00a0connection\u00a0establishment GitHub",
"trust": 0.8,
"url": "https://github.com/envoyproxy/envoy/security/advisories/ghsa-h69p-g6xg-mhhh"
},
{
"title": "Patch for Envoy Resource Management Error Vulnerability (CNVD-2022-15542)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/322721"
},
{
"title": "Envoy Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=183238"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-43826"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Service Mesh 2.1.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221275 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Service Mesh 2.0.9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221276 - security advisory"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"db": "VULMON",
"id": "CVE-2021-43826"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"db": "NVD",
"id": "CVE-2021-43826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43826"
},
{
"trust": 1.7,
"url": "https://github.com/envoyproxy/envoy/security/advisories/ghsa-cmx3-fvgf-83mf"
},
{
"trust": 1.7,
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-43826"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-43826/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1505"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166644/red-hat-security-advisory-2022-1275-01.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:1275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21654"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43825"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24726"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43825"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23635"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23606"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21654"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24726"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21655"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23635"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43824"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21655"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23606"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43824"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1276"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"db": "VULMON",
"id": "CVE-2021-43826"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"db": "PACKETSTORM",
"id": "166643"
},
{
"db": "PACKETSTORM",
"id": "166644"
},
{
"db": "NVD",
"id": "CVE-2021-43826"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"db": "VULMON",
"id": "CVE-2021-43826"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"db": "PACKETSTORM",
"id": "166643"
},
{
"db": "PACKETSTORM",
"id": "166644"
},
{
"db": "NVD",
"id": "CVE-2021-43826"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"date": "2022-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43826"
},
{
"date": "2023-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"date": "2022-04-08T15:05:23",
"db": "PACKETSTORM",
"id": "166643"
},
{
"date": "2022-04-08T15:06:03",
"db": "PACKETSTORM",
"id": "166644"
},
{
"date": "2022-02-22T23:15:10.957000",
"db": "NVD",
"id": "CVE-2021-43826"
},
{
"date": "2022-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-15542"
},
{
"date": "2022-03-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43826"
},
{
"date": "2023-06-26T00:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-006007"
},
{
"date": "2022-03-02T15:23:00.960000",
"db": "NVD",
"id": "CVE-2021-43826"
},
{
"date": "2022-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Envoy\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1764"
}
],
"trust": 0.6
}
}
gsd-2021-43826
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-43826",
"description": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.",
"id": "GSD-2021-43826",
"references": [
"https://www.suse.com/security/cve/CVE-2021-43826.html",
"https://access.redhat.com/errata/RHSA-2022:1275",
"https://access.redhat.com/errata/RHSA-2022:1276"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-43826"
],
"details": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade.",
"id": "GSD-2021-43826",
"modified": "2023-12-13T01:23:26.237041Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43826",
"STATE": "PUBLIC",
"TITLE": "Crash when tunneling TCP over HTTP in Envoy"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "envoy",
"version": {
"version_data": [
{
"version_value": "\u003c 1.18.6"
},
{
"version_value": "\u003e= 1.19.0, \u003c 1.19.3"
},
{
"version_value": "\u003e= 1.20.0, \u003c 1.20.2"
},
{
"version_value": "\u003e= 1.21.0, \u003c 1.21.1"
}
]
}
}
]
},
"vendor_name": "envoyproxy"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf",
"refsource": "CONFIRM",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"refsource": "MISC",
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
}
]
},
"source": {
"advisory": "GHSA-cmx3-fvgf-83mf",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.20.2",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.21.1",
"versionStartIncluding": "1.21.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43826"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling \u003cenvoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config\u003e` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
},
{
"name": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/envoyproxy/envoy/commit/ce0ae309057a216aba031aff81c445c90c6ef145"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-03-02T15:23Z",
"publishedDate": "2022-02-22T23:15Z"
}
}
}
rhsa-2022_1276
Vulnerability from csaf_redhat
Published
2022-04-07 18:02
Modified
2024-11-06 00:39
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.0.9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)
* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)
* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)
* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)
* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)
* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)
* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)
* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)
* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.0.9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)\n\n* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)\n\n* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)\n\n* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)\n\n* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)\n\n* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)\n\n* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1276",
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1913333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
},
{
"category": "external",
"summary": "1913338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
},
{
"category": "external",
"summary": "1921650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
},
{
"category": "external",
"summary": "1954368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
},
{
"category": "external",
"summary": "1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "1999784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
},
{
"category": "external",
"summary": "2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "2050744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744"
},
{
"category": "external",
"summary": "2050746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746"
},
{
"category": "external",
"summary": "2050748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748"
},
{
"category": "external",
"summary": "2050753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753"
},
{
"category": "external",
"summary": "2050757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757"
},
{
"category": "external",
"summary": "2050758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758"
},
{
"category": "external",
"summary": "2057277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277"
},
{
"category": "external",
"summary": "2061638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1276.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.0.9 security update",
"tracking": {
"current_release_date": "2024-11-06T00:39:27+00:00",
"generator": {
"date": "2024-11-06T00:39:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2022:1276",
"initial_release_date": "2022-04-07T18:02:07+00:00",
"revision_history": [
{
"date": "2022-04-07T18:02:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-07T18:02:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T00:39:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Service Mesh 2.0",
"product": {
"name": "OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "kiali-0:v1.24.7.redhat1-1.el8.src",
"product": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.src",
"product_id": "kiali-0:v1.24.7.redhat1-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.0.9-3.el8.src",
"product": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.src",
"product_id": "servicemesh-proxy-0:2.0.9-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-operator-0:2.0.9-3.el8.src",
"product": {
"name": "servicemesh-operator-0:2.0.9-3.el8.src",
"product_id": "servicemesh-operator-0:2.0.9-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.0.9-3.el8.src",
"product": {
"name": "servicemesh-0:2.0.9-3.el8.src",
"product_id": "servicemesh-0:2.0.9-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"product": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.0.9-3.el8.src",
"product": {
"name": "servicemesh-cni-0:2.0.9-3.el8.src",
"product_id": "servicemesh-cni-0:2.0.9-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"product": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"product_id": "kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-proxy-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-operator-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-operator-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-operator-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"product": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.0.9-3.el8.x86_64",
"product": {
"name": "servicemesh-cni-0:2.0.9-3.el8.x86_64",
"product_id": "servicemesh-cni-0:2.0.9-3.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"product": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"product_id": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"product": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"product": {
"name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"product_id": "servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kiali-0:v1.24.7.redhat1-1.el8.s390x",
"product": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.s390x",
"product_id": "kiali-0:v1.24.7.redhat1-1.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kiali@v1.24.7.redhat1-1.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-proxy-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-operator-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-operator-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-operator-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-istioctl@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixc-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-mixc-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixc@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-mixs-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-mixs-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-mixs@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.0.9-3.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"product": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"product_id": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.14.0-16.el8.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.0.9-3.el8.s390x",
"product": {
"name": "servicemesh-cni-0:2.0.9-3.el8.s390x",
"product_id": "servicemesh-cni-0:2.0.9-3.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.0.9-3.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le"
},
"product_reference": "kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x"
},
"product_reference": "kiali-0:v1.24.7.redhat1-1.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src"
},
"product_reference": "kiali-0:v1.24.7.redhat1-1.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kiali-0:v1.24.7.redhat1-1.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
},
"product_reference": "kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src"
},
"product_reference": "servicemesh-0:2.0.9-3.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-cni-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src"
},
"product_reference": "servicemesh-cni-0:2.0.9-3.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-cni-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-mixc-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixc-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-mixs-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-mixs-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-operator-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src"
},
"product_reference": "servicemesh-operator-0:2.0.9-3.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-operator-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le"
},
"product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x"
},
"product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src"
},
"product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
},
"product_reference": "servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le"
},
"product_reference": "servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.s390x as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x"
},
"product_reference": "servicemesh-proxy-0:2.0.9-3.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.src as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src"
},
"product_reference": "servicemesh-proxy-0:2.0.9-3.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.0.9-3.el8.x86_64 as a component of OpenShift Service Mesh 2.0",
"product_id": "8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
},
"product_reference": "servicemesh-proxy-0:2.0.9-3.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28851",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org. In x/text, an \"index out of range\" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28851"
},
{
"category": "external",
"summary": "RHBZ#1913333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28851"
}
],
"release_date": "2021-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension"
},
{
"cve": "CVE-2020-28852",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1913338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org. In x/text, a \"slice bounds out of range\" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Below Red Hat products include the affected version of \u0027golang.org/x/text\u0027, however the language package is not being used and hence they are rated as having a security impact of Low. A future update may address this issue.\n\n* Red Hat OpenShift Container Storage 4\n* OpenShift ServiceMesh (OSSM)\n* Red Hat Gluster Storage 3\n* Windows Container Support for Red Hat OpenShift\n\nOnly three components in OpenShift Container Platform include the affected package, \u0027golang.org/x/text/language\u0027 , the installer, baremetal installer and thanos container images. All other components that include a version of \u0027golang.org/x/text\u0027 do not include the \u0027language\u0027 package and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28852"
},
{
"category": "external",
"summary": "RHBZ#1913338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28852"
}
],
"release_date": "2021-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag"
},
{
"cve": "CVE-2021-3121",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2021-01-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1921650"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3121"
},
{
"category": "external",
"summary": "RHBZ#1921650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
}
],
"release_date": "2021-01-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
},
{
"cve": "CVE-2021-3749",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-08-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1999784"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-axios: Regular expression denial of service in trim function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs axios. However, due to the instance being read only and behind OpenShift OAuth, the impact of this vulnerability is Low.\n\n* Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.1 and previous versions does contain a vulnerable version of nodejs axios, RHACM 2.2 on towards are not affected versions. For RHACM 2.1, due to the instance being read only and behind OAuth, the impact of this vulnerability is Low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF\u0027s service-telemetry-operator-container and smart-gateway-operator-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3749"
},
{
"category": "external",
"summary": "RHBZ#1999784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3749",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
"url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
"url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
}
],
"release_date": "2021-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-axios: Regular expression denial of service in trim function"
},
{
"cve": "CVE-2021-29482",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1954368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop what could lead to denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication, therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of the support, hence affected components are marked as wontfix. This may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29482"
},
{
"category": "external",
"summary": "RHBZ#1954368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29482",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29482"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482"
}
],
"release_date": "2020-08-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service"
},
{
"cve": "CVE-2021-29923",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-08-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1992006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability potentially affects any component written in Go that uses the net standard library and ParseIP / ParseCIDR functions. There are components which might not use these functions or might use them to parse IP addresses and not manage them in any way (only store information about the ip address) . This reduces the severity of this vulnerability to Low for the following offerings:\n* OpenShift distributed tracing (formerly OpenShift Jaeger)\n* OpenShift Migration Toolkit for Containers\n* OpenShift Container Platform",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29923"
},
{
"category": "external",
"summary": "RHBZ#1992006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29923"
},
{
"category": "external",
"summary": "https://sick.codes/sick-2021-016/",
"url": "https://sick.codes/sick-2021-016/"
}
],
"release_date": "2021-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet"
},
{
"cve": "CVE-2021-36221",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1995656"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw was found in Go. The incoming requests body weren\u0027t closed after the handler panic and as a consequence this could lead to ReverseProxy crash. The highest threat from this vulnerability is to Availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the impacted RHOSP packages.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF1.3, no update will be provided at this time for the STF1.3 sg-core-container. Additionally, because Service Telemetry Framework1.2 will be retiring soon, no update will be provided at this time for the STF1.2 smart-gateway-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36221"
},
{
"category": "external",
"summary": "RHBZ#1995656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995656"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36221"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk",
"url": "https://groups.google.com/g/golang-announce/c/uHACNfXAZqk"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: panic due to racy read of persistConn after handler panic"
},
{
"cve": "CVE-2021-43565",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030787"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto: empty plaintext packet causes panic",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43565"
},
{
"category": "external",
"summary": "RHBZ#2030787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
}
],
"release_date": "2021-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto: empty plaintext packet causes panic"
},
{
"cve": "CVE-2021-43824",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a WT filter safe_regex match.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Null pointer dereference when using JWT filter safe_regex match",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43824"
},
{
"category": "external",
"summary": "RHBZ#2050744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Null pointer dereference when using JWT filter safe_regex match"
},
{
"cve": "CVE-2021-43825",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050746"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Use-after-free when response filters increase response data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43825"
},
{
"category": "external",
"summary": "RHBZ#2050746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Use-after-free when response filters increase response data"
},
{
"cve": "CVE-2021-43826",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050748"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Use-after-free when tunneling TCP over HTTP",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43826"
},
{
"category": "external",
"summary": "RHBZ#2050748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Use-after-free when tunneling TCP over HTTP"
},
{
"cve": "CVE-2022-21654",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21654"
},
{
"category": "external",
"summary": "RHBZ#2050753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21654",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21654"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation"
},
{
"cve": "CVE-2022-21655",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050757"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects are routes with a direct response entry.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect handling of internal redirects to routes with a direct response entry",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21655"
},
{
"category": "external",
"summary": "RHBZ#2050757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect handling of internal redirects to routes with a direct response entry"
},
{
"cve": "CVE-2022-23606",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050758"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. When a cluster is deleted via the Cluster Discovery Service, a stack exhaustion may occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23606"
},
{
"category": "external",
"summary": "RHBZ#2050758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23606",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service"
},
{
"cve": "CVE-2022-23635",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-02-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to isitiod, causing the control plane to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: unauthenticated control plane denial of service attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23635"
},
{
"category": "external",
"summary": "RHBZ#2057277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635"
},
{
"category": "external",
"summary": "https://istio.io/latest/news/security/istio-security-2022-003",
"url": "https://istio.io/latest/news/security/istio-security-2022-003"
}
],
"release_date": "2022-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "istio: unauthenticated control plane denial of service attack"
},
{
"acknowledgments": [
{
"names": [
"Oliver Liu, John Howard and Jacob Delgado"
],
"organization": "Istio Product Security Working Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-24726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061638"
}
],
"notes": [
{
"category": "description",
"text": "A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.ppc64le",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.s390x",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.src",
"8Base-OSSM-2.0:kiali-0:v1.24.7.redhat1-1.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-cni-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-operator-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.ppc64le",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.s390x",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.src",
"8Base-OSSM-2.0:servicemesh-prometheus-0:2.14.0-16.el8.1.x86_64",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-proxy-0:2.0.9-3.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24726"
},
{
"category": "external",
"summary": "RHBZ#2061638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726"
},
{
"category": "external",
"summary": "https://istio.io/latest/news/security/istio-security-2022-004/",
"url": "https://istio.io/latest/news/security/istio-security-2022-004/"
}
],
"release_date": "2022-03-09T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:02:07+00:00",
"details": "The OpenShift Service Mesh release notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1276"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.src",
"8Base-OSSM-2.0:servicemesh-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-istioctl-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixc-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-mixs-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-agent-0:2.0.9-3.el8.x86_64",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.ppc64le",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.s390x",
"8Base-OSSM-2.0:servicemesh-pilot-discovery-0:2.0.9-3.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion"
}
]
}
rhsa-2022_1275
Vulnerability from csaf_redhat
Published
2022-04-07 18:06
Modified
2024-11-06 00:39
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.2 security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.1.2
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service
mesh project, tailored for installation into an on-premise OpenShift Container
Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)
* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)
* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)
* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)
* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)
* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)
* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)
* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.1.2\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service\nmesh project, tailored for installation into an on-premise OpenShift Container\nPlatform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* envoy: Incorrect configuration handling allows mTLS session re-use without re-validation (CVE-2022-21654)\n\n* envoy: Incorrect handling of internal redirects to routes with a direct response entry (CVE-2022-21655)\n\n* istio: Unauthenticated control plane denial of service attack due to stack exhaustion (CVE-2022-24726)\n\n* envoy: Null pointer dereference when using JWT filter safe_regex match (CVE-2021-43824)\n\n* envoy: Use-after-free when response filters increase response data (CVE-2021-43825)\n\n* envoy: Use-after-free when tunneling TCP over HTTP (CVE-2021-43826)\n\n* envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service (CVE-2022-23606)\n\n* istio: unauthenticated control plane denial of service attack (CVE-2022-23635)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1275",
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2050744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744"
},
{
"category": "external",
"summary": "2050746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746"
},
{
"category": "external",
"summary": "2050748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748"
},
{
"category": "external",
"summary": "2050753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753"
},
{
"category": "external",
"summary": "2050757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757"
},
{
"category": "external",
"summary": "2050758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758"
},
{
"category": "external",
"summary": "2057277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277"
},
{
"category": "external",
"summary": "2061638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638"
},
{
"category": "external",
"summary": "OSSM-1074",
"url": "https://issues.redhat.com/browse/OSSM-1074"
},
{
"category": "external",
"summary": "OSSM-1234",
"url": "https://issues.redhat.com/browse/OSSM-1234"
},
{
"category": "external",
"summary": "OSSM-303",
"url": "https://issues.redhat.com/browse/OSSM-303"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1275.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.2 security update",
"tracking": {
"current_release_date": "2024-11-06T00:39:36+00:00",
"generator": {
"date": "2024-11-06T00:39:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2022:1275",
"initial_release_date": "2022-04-07T18:06:45+00:00",
"revision_history": [
{
"date": "2022-04-07T18:06:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-04-07T18:06:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-06T00:39:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Service Mesh 2.1",
"product": {
"name": "OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "servicemesh-operator-0:2.1.2-4.el8.src",
"product": {
"name": "servicemesh-operator-0:2.1.2-4.el8.src",
"product_id": "servicemesh-operator-0:2.1.2-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.1.2-4.el8.src",
"product": {
"name": "servicemesh-0:2.1.2-4.el8.src",
"product_id": "servicemesh-0:2.1.2-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.src",
"product": {
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.src",
"product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.23.0-5.el8.src",
"product": {
"name": "servicemesh-prometheus-0:2.23.0-5.el8.src",
"product_id": "servicemesh-prometheus-0:2.23.0-5.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.1.2-4.el8.src",
"product": {
"name": "servicemesh-proxy-0:2.1.2-4.el8.src",
"product_id": "servicemesh-proxy-0:2.1.2-4.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "servicemesh-operator-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-operator-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-operator-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-cni-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-cni-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"product": {
"name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"product_id": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"product": {
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"product": {
"name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"product_id": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"product": {
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "servicemesh-operator-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-operator-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-operator-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-operator@2.1.2-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh@2.1.2-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-cni-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-cni-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-cni-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-cni@2.1.2-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-agent@2.1.2-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-pilot-discovery@2.1.2-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-ratelimit@2.1.2-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"product": {
"name": "servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"product_id": "servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-prometheus@2.23.0-5.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-proxy-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-proxy-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy@2.1.2-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy-debugsource@2.1.2-4.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"product": {
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"product_id": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy-debuginfo@2.1.2-4.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch",
"product": {
"name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch",
"product_id": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/servicemesh-proxy-wasm@2.1.2-4.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.1.2-4.el8.src as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src"
},
"product_reference": "servicemesh-0:2.1.2-4.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-cni-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-cni-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-cni-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-operator-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.1.2-4.el8.src as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src"
},
"product_reference": "servicemesh-operator-0:2.1.2-4.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-operator-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-operator-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le"
},
"product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.23.0-5.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x"
},
"product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.23.0-5.el8.src as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src"
},
"product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64"
},
"product_reference": "servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-proxy-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.1.2-4.el8.src as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src"
},
"product_reference": "servicemesh-proxy-0:2.1.2-4.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
},
"product_reference": "servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le"
},
"product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x"
},
"product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.src as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src"
},
"product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.src",
"relates_to_product_reference": "8Base-OSSM-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64 as a component of OpenShift Service Mesh 2.1",
"product_id": "8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
},
"product_reference": "servicemesh-ratelimit-0:2.1.2-4.el8.x86_64",
"relates_to_product_reference": "8Base-OSSM-2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-43824",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. A crafted request can potentially trigger a NULL pointer dereference when using a WT filter safe_regex match.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Null pointer dereference when using JWT filter safe_regex match",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"known_not_affected": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43824"
},
{
"category": "external",
"summary": "RHBZ#2050744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43824",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43824"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vj5m-rch8-5r2p"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:06:45+00:00",
"details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Null pointer dereference when using JWT filter safe_regex match"
},
{
"cve": "CVE-2021-43825",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050746"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. If the amount of buffered data by envoy goes over the limit, the buffer may overflow while a response is being processed by the filter chain. This issue possibly causes the operation to abort incorrectly, resulting in the access of a freed memory block.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Use-after-free when response filters increase response data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"known_not_affected": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43825"
},
{
"category": "external",
"summary": "RHBZ#2050746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050746"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43825"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-h69p-g6xg-mhhh"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:06:45+00:00",
"details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Use-after-free when response filters increase response data"
},
{
"cve": "CVE-2021-43826",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050748"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. If a downstream source disconnects during upstream connection establishment when tunneling TCP over HTTP, a use-after-free can occur, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Use-after-free when tunneling TCP over HTTP",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"known_not_affected": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43826"
},
{
"category": "external",
"summary": "RHBZ#2050748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43826"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-cmx3-fvgf-83mf"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:06:45+00:00",
"details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Use-after-free when tunneling TCP over HTTP"
},
{
"cve": "CVE-2022-21654",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050753"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. When certificate validation settings are changed, incorrect configuration handling allows TLS session reuse without revalidation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"known_not_affected": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21654"
},
{
"category": "external",
"summary": "RHBZ#2050753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21654",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21654"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21654"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5j4x-g36v-m283"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:06:45+00:00",
"details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect configuration handling allows mTLS session re-use without re-validation"
},
{
"cve": "CVE-2022-21655",
"cwe": {
"id": "CWE-670",
"name": "Always-Incorrect Control Flow Implementation"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050757"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. Due to incorrect handling of the common router, a segfault is possible when internal redirects are routes with a direct response entry.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Incorrect handling of internal redirects to routes with a direct response entry",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"known_not_affected": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21655"
},
{
"category": "external",
"summary": "RHBZ#2050757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050757"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21655"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21655"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7r5p-7fmh-jxpg"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:06:45+00:00",
"details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "envoy: Incorrect handling of internal redirects to routes with a direct response entry"
},
{
"cve": "CVE-2022-23606",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-03T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2050758"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in envoy. When a cluster is deleted via the Cluster Discovery Service, a stack exhaustion may occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"known_not_affected": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23606"
},
{
"category": "external",
"summary": "RHBZ#2050758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050758"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23606",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23606"
},
{
"category": "external",
"summary": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf",
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-9vp2-4cp7-vvxf"
}
],
"release_date": "2022-02-22T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:06:45+00:00",
"details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service"
},
{
"cve": "CVE-2022-23635",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-02-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057277"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in istio. This flaw allows an attacker to send a specially crafted message to isitiod, causing the control plane to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: unauthenticated control plane denial of service attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23635"
},
{
"category": "external",
"summary": "RHBZ#2057277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23635"
},
{
"category": "external",
"summary": "https://istio.io/latest/news/security/istio-security-2022-003",
"url": "https://istio.io/latest/news/security/istio-security-2022-003"
}
],
"release_date": "2022-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:06:45+00:00",
"details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "istio: unauthenticated control plane denial of service attack"
},
{
"acknowledgments": [
{
"names": [
"Oliver Liu, John Howard and Jacob Delgado"
],
"organization": "Istio Product Security Working Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-24726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061638"
}
],
"notes": [
{
"category": "description",
"text": "A stack exhaustion flaw was found in the Istio control plane. This flaw allows a remote unauthenticated attacker to send a specially crafted or oversized message to crash the control plane process, resulting in a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64"
],
"known_not_affected": [
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-operator-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.s390x",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.src",
"8Base-OSSM-2.1:servicemesh-prometheus-0:2.23.0-5.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-proxy-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debuginfo-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-proxy-debugsource-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-proxy-wasm-0:2.1.2-4.el8.noarch",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-ratelimit-0:2.1.2-4.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24726"
},
{
"category": "external",
"summary": "RHBZ#2061638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061638"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24726"
},
{
"category": "external",
"summary": "https://istio.io/latest/news/security/istio-security-2022-004/",
"url": "https://istio.io/latest/news/security/istio-security-2022-004/"
}
],
"release_date": "2022-03-09T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-04-07T18:06:45+00:00",
"details": "The OpenShift Service Mesh Release Notes provide information on the features and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html",
"product_ids": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1275"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.src",
"8Base-OSSM-2.1:servicemesh-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-cni-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-agent-0:2.1.2-4.el8.x86_64",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.ppc64le",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.s390x",
"8Base-OSSM-2.1:servicemesh-pilot-discovery-0:2.1.2-4.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Unauthenticated control plane denial of service attack due to stack exhaustion"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.