cve-2022-39278
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 12:00
Summary
Istio vulnerable to denial of service attack due to Golang Regex Library
References
https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w
https://istio.io/latest/news/releases/1.13.x/announcing-1.13.9/
https://istio.io/latest/news/releases/1.15.x/announcing-1.15.2/
https://istio.io/news/releases/1.14.x/announcing-1.14.5/
Description
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.
Affected
istio/istio: < 1.13.9
istio/istio: >= 1.14.0, < 1.14.5
istio/istio: >= 1.15.0, < 1.15.2
CVSS v3.1
7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); NVD exploitability score 3.9, impact score 3.6
Weakness
CWE-400: Uncontrolled Resource Consumption
Source
Advisory GHSA-86vr-4wcv-mm9w, assigner GitHub_M (security-advisories@github.com), discovery UNKNOWN
Record
CVE-2022-39278, state PUBLISHED, reserved 2022-09-02, published 2022-10-13, updated 2024-08-03T12:00:43.519Z; NVD status Analyzed, last modified 2022-10-19T14:24:42.583
rhsa-2023_0542
Vulnerability from csaf_redhat
Published
2023-01-30 17:18
Modified
2024-11-06 02:22
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.3.1 Containers
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers container images for the release.
Security Fix(es):
* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
* Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
* kiali: error message spoofing in kiali UI (CVE-2022-3962)
* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)
For more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container CVEs section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Service Mesh 2.3.1 Containers\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers container images for the release.\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)\n* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)\n* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)\n* golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)\n* Istio: Denial of service attack via a specially crafted message (CVE-2022-39278)\n* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)\n* kiali: error message spoofing in kiali UI (CVE-2022-3962)\n* golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)\n\nFor more details about security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, see the CVE page(s) listed in the Container 
CVEs section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0542", "url": "https://access.redhat.com/errata/RHSA-2023:0542" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "2148199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148199" }, { "category": "external", "summary": "2148661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148661" }, { "category": "external", "summary": "2156729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, { "category": "external", "summary": 
"OSSM-1977", "url": "https://issues.redhat.com/browse/OSSM-1977" }, { "category": "external", "summary": "OSSM-2083", "url": "https://issues.redhat.com/browse/OSSM-2083" }, { "category": "external", "summary": "OSSM-2147", "url": "https://issues.redhat.com/browse/OSSM-2147" }, { "category": "external", "summary": "OSSM-2169", "url": "https://issues.redhat.com/browse/OSSM-2169" }, { "category": "external", "summary": "OSSM-2170", "url": "https://issues.redhat.com/browse/OSSM-2170" }, { "category": "external", "summary": "OSSM-2179", "url": "https://issues.redhat.com/browse/OSSM-2179" }, { "category": "external", "summary": "OSSM-2184", "url": "https://issues.redhat.com/browse/OSSM-2184" }, { "category": "external", "summary": "OSSM-2188", "url": "https://issues.redhat.com/browse/OSSM-2188" }, { "category": "external", "summary": "OSSM-2189", "url": "https://issues.redhat.com/browse/OSSM-2189" }, { "category": "external", "summary": "OSSM-2190", "url": "https://issues.redhat.com/browse/OSSM-2190" }, { "category": "external", "summary": "OSSM-2232", "url": "https://issues.redhat.com/browse/OSSM-2232" }, { "category": "external", "summary": "OSSM-2241", "url": "https://issues.redhat.com/browse/OSSM-2241" }, { "category": "external", "summary": "OSSM-2251", "url": "https://issues.redhat.com/browse/OSSM-2251" }, { "category": "external", "summary": "OSSM-2308", "url": "https://issues.redhat.com/browse/OSSM-2308" }, { "category": "external", "summary": "OSSM-2315", "url": "https://issues.redhat.com/browse/OSSM-2315" }, { "category": "external", "summary": "OSSM-2324", "url": "https://issues.redhat.com/browse/OSSM-2324" }, { "category": "external", "summary": "OSSM-2335", "url": "https://issues.redhat.com/browse/OSSM-2335" }, { "category": "external", "summary": "OSSM-2338", "url": "https://issues.redhat.com/browse/OSSM-2338" }, { "category": "external", "summary": "OSSM-2344", "url": "https://issues.redhat.com/browse/OSSM-2344" }, { "category": "external", "summary": 
"OSSM-2375", "url": "https://issues.redhat.com/browse/OSSM-2375" }, { "category": "external", "summary": "OSSM-2376", "url": "https://issues.redhat.com/browse/OSSM-2376" }, { "category": "external", "summary": "OSSM-535", "url": "https://issues.redhat.com/browse/OSSM-535" }, { "category": "external", "summary": "OSSM-827", "url": "https://issues.redhat.com/browse/OSSM-827" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0542.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.3.1 Containers security update", "tracking": { "current_release_date": "2024-11-06T02:22:18+00:00", "generator": { "date": "2024-11-06T02:22:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:0542", "initial_release_date": "2023-01-30T17:18:54+00:00", "revision_history": [ { "date": "2023-01-30T17:18:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-01-30T17:18:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T02:22:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOSSM 2.3 for RHEL 8", "product": { "name": "RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.3::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "product_id": 
"openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.1-5" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.5-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "product": { "name": 
"openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.57.5-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.1-10" } } }, { "category": 
"product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "product": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "product_id": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "product_identification_helper": { "purl": "pkg:oci/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "product_identification_helper": { "purl": 
"pkg:oci/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.1-11" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.1-5" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "product_id": 
"openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.1-5" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.5-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.57.5-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "product": { "name": 
"openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.1-10" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.1-9" } } }, { "category": "product_version", "name": 
"openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "product": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "product_id": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "product_identification_helper": { "purl": "pkg:oci/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.1-6" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.1-11" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "product_identification_helper": { "purl": 
"pkg:oci/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.1-5" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.3.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.3.1-5" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le", "product_id": 
"openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.57.5-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.57.5-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.3.1-3" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", 
"product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.3.1-10" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.3.1-9" } } }, { "category": "product_version", "name": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "product": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "product_id": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "product_identification_helper": { "purl": "pkg:oci/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.3.1-6" } } }, { "category": "product_version", "name": 
"openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.3.1-11" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.3.1-5" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", 
"relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64 as a component of RHOSSM 
2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64" }, "product_reference": 
"openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": 
"default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le as a component of RHOSSM 2.3 for RHEL 8", 
"product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" }, "product_reference": 
"openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le" }, "product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x" }, "product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64" }, "product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": 
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64 as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", 
"relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le as a component of RHOSSM 2.3 for RHEL 8", "product_id": "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4238", "cwe": { "id": "CWE-331", "name": "Insufficient Entropy" }, "discovery_date": "2022-12-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156729" } ], "notes": [ { "category": "description", "text": "A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. 
This issue significantly reduces the amount of entropy generated in short strings by these functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x" ], "known_not_affected": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-4238" }, { "category": "external", "summary": "RHBZ#2156729", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156729" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-4238", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4238" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238" }, { "category": "external", "summary": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1", "url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-3839-6r69-m497", "url": "https://github.com/advisories/GHSA-3839-6r69-m497" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-0411", "url": 
"https://pkg.go.dev/vuln/GO-2022-0411" } ], "release_date": "2022-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-30T17:18:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0542" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" 
], "organization": "ADA Logics" }, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-2879", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] } ], "ids": [ { 
"system_name": "Red Hat Bugzilla ID", "text": "2132867" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: archive/tar: unbounded memory consumption when reading headers", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. 
They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "known_not_affected": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2879" }, { "category": "external", "summary": "RHBZ#2132867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132867" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2879" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54853", "url": "https://github.com/golang/go/issues/54853" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-30T17:18:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0542" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: archive/tar: unbounded memory consumption when reading headers" }, { "acknowledgments": [ { "names": [ "Daniel Abeles" ], "organization": "Head of Research, Oxeye" }, { "names": [ "Gal Goldstein" ], "organization": "Security Researcher, Oxeye" } ], "cve": "CVE-2022-2880", 
"cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132868" } ], 
"notes": [ { "category": "description", "text": "A flaw was found in the golang package, where requests forwarded by a reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After the fix, the reverse proxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s Form field is set after the reverse proxy\u0027s Director function returns, indicating that the proxy has parsed the query parameters. Proxies that do not parse query parameters continue to forward the original query parameters unchanged.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity to exploit this vulnerability is limited to the Golang runtime. In the case of the OpenShift Container Platform, this would be restricted within each individual container. 
There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "known_not_affected": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2880" }, { "category": "external", "summary": "RHBZ#2132868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132868" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2880", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2880" }, { "category": "external", "summary": "https://github.com/golang/go/issues/54663", "url": "https://github.com/golang/go/issues/54663" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-30T17:18:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0542" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters" }, { "acknowledgments": [ { "names": [ "John Mazzitelli" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." 
} ], "cve": "CVE-2022-3962", "cwe": { "id": "CWE-74", "name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" }, "discovery_date": "2022-11-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148661" } ], "notes": [ { "category": "description", "text": "A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.", "title": "Vulnerability description" }, { "category": "summary", "text": "kiali: error message spoofing in kiali UI", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ], "known_not_affected": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3962" }, { "category": "external", "summary": "RHBZ#2148661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148661" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3962", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3962" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3962", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3962" } ], "release_date": "2022-11-22T00:00:00+00:00", "remediations": [ { "category": 
"vendor_fix", "date": "2023-01-30T17:18:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0542" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kiali: error message spoofing in kiali UI" }, { "cve": "CVE-2022-27664", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ 
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2124669" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang package. 
In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: handle server errors after sending GOAWAY", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", 
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "known_not_affected": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27664" }, { "category": "external", "summary": "RHBZ#2124669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27664", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664" }, { "category": "external", "summary": "https://go.dev/issue/54658", "url": "https://go.dev/issue/54658" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ" } ], "release_date": "2022-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-30T17:18:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", 
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0542" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ 
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: handle server errors after sending GOAWAY" }, { "cve": "CVE-2022-32189", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-08-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", 
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2113814" } ], "notes": [ { "category": "description", "text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. 
For these combined reasons the impact has been downgraded to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "known_not_affected": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", 
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-32189" }, { "category": "external", "summary": "RHBZ#2113814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189" }, { "category": "external", "summary": "https://go.dev/issue/53871", "url": "https://go.dev/issue/53871" }, { "category": "external", "summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU" } ], "release_date": "2022-08-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-30T17:18:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ 
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0542" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service" }, { "cve": "CVE-2022-39278", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": 
"2022-10-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", 
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148199" } ], "notes": [ { 
"category": "description", "text": "An uncontrolled resource consumption flaw was found in the Istio control plane, istiod. This issue could allow an unauthenticated remote attacker to send a specially crafted or oversized message that could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Istio: Denial of service attack via a specially crafted message", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x" ], "known_not_affected": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", 
"8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-39278" }, { "category": "external", "summary": "RHBZ#2148199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148199" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-39278", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39278" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-39278", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39278" }, { "category": "external", "summary": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w", "url": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w" }, { "category": "external", "summary": "https://istio.io/latest/news/security/istio-security-2022-007/", "url": 
"https://istio.io/latest/news/security/istio-security-2022-007/" } ], "release_date": "2022-10-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-30T17:18:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0542" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Istio: Denial of service attack via a specially crafted message" }, { "acknowledgments": [ { "names": [ "Adam Korczynski" ], "organization": "ADA Logics" 
}, { "names": [ "OSS-Fuzz" ] } ], "cve": "CVE-2022-41715", "discovery_date": "2022-10-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2132872" } ], "notes": [ { "category": "description", "text": "A flaw was found in the 
golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as 40,000, making a relatively small regexp consume larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Routine use of regular expressions is unaffected.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp/syntax: limit memory used by parsing regexps", "title": "Vulnerability summary" }, { "category": "other", "text": "The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. There are multiple layers of guide rails (Golang\u2019s Garbage Collector; OpenShift\u2019s resource constraints imposed at the container and cluster levels) which would require a malicious user to continue submitting attacks for there to be any enduring impact. 
They would also need access to external server resources to be able to send a massive volume of requests to cause a significant impact on server operations.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "known_not_affected": [ "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:5dfa0bcc7229240a63b0f2827ff8b8a89d67e338e997003ecf0519a124ea60c9_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:75ae154f741911e2b514fee0ae344c3da1d10f52ee2b96705ddbc08580e02b50_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/grafana-rhel8@sha256:85bc34ec14e604e1d2aa23a78f30cceb8e39d9c4cb5d3f50abb20285398116f4_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:617e3802d60b6ccdd0a9d99d72d6917644664c0c40ba3a53c54ce2b8d8c73383_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:c93481d8b8768f4e18f0ca43cbfaee1a27ce2ca6122f2505302b8f899b039efb_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-must-gather-rhel8@sha256:f49446872837dbb08f5f60bbec882ac0a042f344dd2ce42588aad5bc4e987773_ppc64le", 
"8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:e54f1962db7b4580a0e718839cdd15cddabaf3f3a673892cc6fedfd22c04dae7_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f3b1a6f9f2efbce52b32cd93f49034d8451e5b040df7ab64a5bbaa6b5402a0c8_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8-operator@sha256:f6abd9560381220f45a93a66ea93e34b2cadb55feabb9c45ffd48342ac264103_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:0e3ae1aa2219d8de710ace3511b43ba4c51de1f4f1ee5800923a7cd2922c39f8_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:ef8552429ef57e8aca62643443692f29bd5cba6fa987375a6e8e74e6bc2e93f4_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/kiali-rhel8@sha256:f3febe52ab74ed6173f603315c48611de3de5e60a40312df9971fee901c54984_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41715" }, { "category": "external", "summary": "RHBZ#2132872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41715", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715" }, { "category": "external", "summary": "https://github.com/golang/go/issues/55949", "url": "https://github.com/golang/go/issues/55949" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1" } ], "release_date": "2022-10-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-30T17:18:54+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer 
to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0542" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:0fcec6ec95a42d4f51260843d7646ccdcfcb6ee33f7da53178e080acb11d9db8_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:3fa9449daa00266fc428a9a83c880567ae162600bcfb7b545706aa2b02587e6c_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-cni-rhel8@sha256:a39c492781b5bb2f42ffd10c994a8ee80e67bcfe9ad1f27852095af72ef4efef_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:afabcf0da6779927c712a1f17a6f2813652d6f2591d14b338d7498e6412c5f94_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:c86d69ba6b201c3ba0bb2bb4cba1d3b50170bdd74bdf59cb73542960df40873a_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/istio-rhel8-operator@sha256:ebbf0c175574c323e2434e1150210758bb8591cf044f6467c64ed1795e741f14_s390x", 
"8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:1b163f346b6cd925a092c529050eb241b4e68432d65dbaf728c1d83450462c12_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:8792677bd15a8b3e7bf593fb4057c63930eb89d50072774908bb5df3761dbcc1_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/pilot-rhel8@sha256:e086f4f26ba7d4392dc127bbba7ac065e0a24d51e9cd21d04b7beb4de2fc38d6_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:721ab4359de7a70f5b3832a387e4ff18c98f8d2cfd1efd934bd1116cd68fdf29_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8f7ec7a5e1e12c111e1e7021ed3a15f618df928320612edd8bd5afa43243b7d5_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/prometheus-rhel8@sha256:8fd4970929196a9cece5e881785f49bebcb7372f045f455d64a4cc20924ebdbf_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:0c232efe123daef18fd2025236c7fa43d58dd261afabe30537ad71e6e01b90d3_ppc64le", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:7268afc10ac20b12b69426be691afe20395ed9a278850e4ea1f672b50f83299a_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/proxyv2-rhel8@sha256:99b524381910c0f0b6979107795b30171b7a823d9af4cd80cb44f846a64868f0_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2882d2ef3e926340bf0d98958adad4d7933bdc9145417e362a1c95627c3fed45_amd64", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:2ce08569c5cac0d137554f6d9a224d243f76a16f86eaa94ea77dfea5889218af_s390x", "8Base-RHOSSM-2.3:openshift-service-mesh/ratelimit-rhel8@sha256:4cd6d47d20af9bc294fe0223dffa5c06d78ecc512ba07d9e0064f6d2e43bd6c4_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp/syntax: limit memory used by parsing regexps" } ] }
gsd-2022-39278
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error: when the Kubernetes validating or mutating webhook service is exposed publicly, a malicious attacker can crash the control plane by sending a specially crafted or oversized message. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.
Aliases
{ "GSD": { "alias": "CVE-2022-39278", "description": "Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.", "id": "GSD-2022-39278", "references": [ "https://access.redhat.com/errata/RHSA-2023:0542" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-39278" ], "details": "Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. 
However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.", "id": "GSD-2022-39278", "modified": "2023-12-13T01:19:20.927333Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39278", "STATE": "PUBLIC", "TITLE": "Istio vulnerable to denial of service attack due to Golang Regex Library" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "istio", "version": { "version_data": [ { "version_value": "\u003c 1.13.9" }, { "version_value": "\u003e= 1.14.0, \u003c 1.14.5" }, { "version_value": "\u003e= 1.15.0, \u003c 1.15.2" } ] } } ] }, "vendor_name": "istio" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. 
This bug is due to an error in `regexp.Compile` in Go." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w", "refsource": "CONFIRM", "url": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w" }, { "name": "https://istio.io/latest/news/releases/1.13.x/announcing-1.13.9/", "refsource": "MISC", "url": "https://istio.io/latest/news/releases/1.13.x/announcing-1.13.9/" }, { "name": "https://istio.io/latest/news/releases/1.15.x/announcing-1.15.2/", "refsource": "MISC", "url": "https://istio.io/latest/news/releases/1.15.x/announcing-1.15.2/" }, { "name": "https://istio.io/news/releases/1.14.x/announcing-1.14.5/", "refsource": "MISC", "url": "https://istio.io/news/releases/1.14.x/announcing-1.14.5/" } ] }, "source": { "advisory": "GHSA-86vr-4wcv-mm9w", "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c1.13.9||\u003e=1.14.0 \u003c1.14.5||\u003e=1.15.0 \u003c1.15.2", "affected_versions": "All versions before 1.13.9, all versions starting from 1.14.0 before 1.14.5, all versions starting from 1.15.0 before 1.15.2", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cwe_ids": [ "CWE-1035", "CWE-400", "CWE-937" ], "date": "2022-10-19", "description": "Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. 
Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.", "fixed_versions": [ "1.13.9", "1.14.5", "1.15.2" ], "identifier": "CVE-2022-39278", "identifiers": [ "CVE-2022-39278", "GHSA-86vr-4wcv-mm9w" ], "not_impacted": "All versions starting from 1.13.9 before 1.14.0, all versions starting from 1.14.5 before 1.15.0, all versions starting from 1.15.2", "package_slug": "go/github.com/istio/istio", "pubdate": "2022-10-13", "solution": "Upgrade to versions 1.13.9, 1.14.5, 1.15.2 or above.", "title": "Uncontrolled Resource Consumption", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-39278", "https://istio.io/latest/news/releases/1.13.x/announcing-1.13.9/", "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w", "https://istio.io/latest/news/releases/1.15.x/announcing-1.15.2/", "https://istio.io/news/releases/1.14.x/announcing-1.14.5/" ], "uuid": "928f5fba-84f6-4cdb-9904-54c60486f35c" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.15.2", "versionStartIncluding": "1.15.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.14.5", "versionStartIncluding": "1.14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.13.9", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-39278" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "https://istio.io/latest/news/releases/1.13.x/announcing-1.13.9/", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://istio.io/latest/news/releases/1.13.x/announcing-1.13.9/" }, { "name": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://github.com/istio/istio/security/advisories/GHSA-86vr-4wcv-mm9w" }, { "name": "https://istio.io/latest/news/releases/1.15.x/announcing-1.15.2/", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://istio.io/latest/news/releases/1.15.x/announcing-1.15.2/" }, { "name": "https://istio.io/news/releases/1.14.x/announcing-1.14.5/", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://istio.io/news/releases/1.14.x/announcing-1.14.5/" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2022-10-19T14:24Z", "publishedDate": "2022-10-13T23:15Z" } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.