Vulnerability-Lookup

RHSA-2021:4104

Vulnerability from csaf_redhat - Published: 2021-11-02 15:55 - Updated: 2026-04-29 17:59

Summary

Red Hat Security Advisory: OpenShift Virtualization 4.9.0 Images security and bug fix update

Severity

Moderate

Notes

Topic: Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.9.0 images: RHEL-8-CNV-4.9 ============== kubevirt-v2v-conversion-container-v4.9.0-9 vm-import-controller-container-v4.9.0-15 cnv-containernetworking-plugins-container-v4.9.0-15 kubemacpool-container-v4.9.0-18 virtio-win-container-v4.9.0-8 vm-import-operator-container-v4.9.0-15 kubevirt-vmware-container-v4.9.0-8 kubevirt-template-validator-container-v4.9.0-14 cluster-network-addons-operator-container-v4.9.0-26 kubernetes-nmstate-handler-container-v4.9.0-25 node-maintenance-operator-container-v4.9.0-13 hostpath-provisioner-container-v4.9.0-6 bridge-marker-container-v4.9.0-13 kubevirt-ssp-operator-container-v4.9.0-28 ovs-cni-marker-container-v4.9.0-16 ovs-cni-plugin-container-v4.9.0-16 vm-import-virtv2v-container-v4.9.0-15 virt-cdi-apiserver-container-v4.9.0-35 virt-cdi-cloner-container-v4.9.0-35 virt-cdi-uploadproxy-container-v4.9.0-35 virt-cdi-controller-container-v4.9.0-35 hostpath-provisioner-operator-container-v4.9.0-15 virt-cdi-importer-container-v4.9.0-35 virt-cdi-uploadserver-container-v4.9.0-35 virt-cdi-operator-container-v4.9.0-35 virt-launcher-container-v4.9.0-58 virt-api-container-v4.9.0-58 virt-handler-container-v4.9.0-58 virt-operator-container-v4.9.0-58 virt-controller-container-v4.9.0-58 virt-artifacts-server-container-v4.9.0-58 libguestfs-tools-container-v4.9.0-58 cnv-must-gather-container-v4.9.0-54 hyperconverged-cluster-operator-container-v4.9.0-57 hyperconverged-cluster-webhook-container-v4.9.0-57 hco-bundle-registry-container-v4.9.0-249 Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-3121

A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64		—

Threats

Impact Important

CVE-2021-31525

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64	—	Vendor Fix fix

Known not affected 11 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64		—

Threats

Impact Moderate

CVE-2021-33195

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64	—	Vendor Fix fix

Known not affected 30 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64		—

Threats

Impact Moderate

CVE-2021-33197

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64	—	Vendor Fix fix

Known not affected 30 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64		—

Threats

Impact Moderate

CVE-2021-33198

A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64	—	Vendor Fix fix

Known not affected 30 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64		—
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64		—

Threats

Impact Moderate

CVE-2021-34558

A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-20 - Improper Input Validation

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64	—	Vendor Fix fix Workaround

Known not affected 30 products

Product	Version	Remediation
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64	—	Workaround
Unresolved product id: 8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64	—	Workaround

Threats

Impact Low

References

90 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:4104	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1858777	external
https://bugzilla.redhat.com/show_bug.cgi?id=1891921	external
https://bugzilla.redhat.com/show_bug.cgi?id=1896469	external
https://bugzilla.redhat.com/show_bug.cgi?id=1903687	external
https://bugzilla.redhat.com/show_bug.cgi?id=1921650	external
https://bugzilla.redhat.com/show_bug.cgi?id=1933043	external
https://bugzilla.redhat.com/show_bug.cgi?id=1935219	external
https://bugzilla.redhat.com/show_bug.cgi?id=1942726	external
https://bugzilla.redhat.com/show_bug.cgi?id=1943164	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945589	external
https://bugzilla.redhat.com/show_bug.cgi?id=1953481	external
https://bugzilla.redhat.com/show_bug.cgi?id=1953483	external
https://bugzilla.redhat.com/show_bug.cgi?id=1953484	external
https://bugzilla.redhat.com/show_bug.cgi?id=1955129	external
https://bugzilla.redhat.com/show_bug.cgi?id=1957852	external
https://bugzilla.redhat.com/show_bug.cgi?id=1958341	external
https://bugzilla.redhat.com/show_bug.cgi?id=1963963	external
https://bugzilla.redhat.com/show_bug.cgi?id=1965050	external
https://bugzilla.redhat.com/show_bug.cgi?id=1973852	external
https://bugzilla.redhat.com/show_bug.cgi?id=1976604	external
https://bugzilla.redhat.com/show_bug.cgi?id=1976730	external
https://bugzilla.redhat.com/show_bug.cgi?id=1979631	external
https://bugzilla.redhat.com/show_bug.cgi?id=1979659	external
https://bugzilla.redhat.com/show_bug.cgi?id=1981345	external
https://bugzilla.redhat.com/show_bug.cgi?id=1983596	external
https://bugzilla.redhat.com/show_bug.cgi?id=1985083	external
https://bugzilla.redhat.com/show_bug.cgi?id=1985649	external
https://bugzilla.redhat.com/show_bug.cgi?id=1985670	external
https://bugzilla.redhat.com/show_bug.cgi?id=1985719	external
https://bugzilla.redhat.com/show_bug.cgi?id=1989176	external
https://bugzilla.redhat.com/show_bug.cgi?id=1989263	external
https://bugzilla.redhat.com/show_bug.cgi?id=1989269	external
https://bugzilla.redhat.com/show_bug.cgi?id=1989564	external
https://bugzilla.redhat.com/show_bug.cgi?id=1989570	external
https://bugzilla.redhat.com/show_bug.cgi?id=1989575	external
https://bugzilla.redhat.com/show_bug.cgi?id=1991691	external
https://bugzilla.redhat.com/show_bug.cgi?id=1992608	external
https://bugzilla.redhat.com/show_bug.cgi?id=1993121	external
https://bugzilla.redhat.com/show_bug.cgi?id=1994389	external
https://bugzilla.redhat.com/show_bug.cgi?id=1995295	external
https://bugzilla.redhat.com/show_bug.cgi?id=1996407	external
https://bugzilla.redhat.com/show_bug.cgi?id=1997014	external
https://bugzilla.redhat.com/show_bug.cgi?id=1998054	external
https://bugzilla.redhat.com/show_bug.cgi?id=1998656	external
https://bugzilla.redhat.com/show_bug.cgi?id=1999571	external
https://bugzilla.redhat.com/show_bug.cgi?id=1999617	external
https://bugzilla.redhat.com/show_bug.cgi?id=1999835	external
https://bugzilla.redhat.com/show_bug.cgi?id=2000052	external
https://bugzilla.redhat.com/show_bug.cgi?id=2000204	external
https://bugzilla.redhat.com/show_bug.cgi?id=2001041	external
https://bugzilla.redhat.com/show_bug.cgi?id=2001047	external
https://bugzilla.redhat.com/show_bug.cgi?id=2003473	external
https://bugzilla.redhat.com/show_bug.cgi?id=2005695	external
https://bugzilla.redhat.com/show_bug.cgi?id=2006418	external
https://bugzilla.redhat.com/show_bug.cgi?id=2008900	external
https://bugzilla.redhat.com/show_bug.cgi?id=2010742	external
https://bugzilla.redhat.com/show_bug.cgi?id=2011179	external
https://bugzilla.redhat.com/show_bug.cgi?id=2017394	external
https://bugzilla.redhat.com/show_bug.cgi?id=2018521	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-3121	self
https://bugzilla.redhat.com/show_bug.cgi?id=1921650	external
https://www.cve.org/CVERecord?id=CVE-2021-3121	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3121	external
https://access.redhat.com/security/cve/CVE-2021-31525	self
https://bugzilla.redhat.com/show_bug.cgi?id=1958341	external
https://www.cve.org/CVERecord?id=CVE-2021-31525	external
https://nvd.nist.gov/vuln/detail/CVE-2021-31525	external
https://groups.google.com/g/golang-announce/c/cu9…	external
https://access.redhat.com/security/cve/CVE-2021-33195	self
https://bugzilla.redhat.com/show_bug.cgi?id=1989564	external
https://www.cve.org/CVERecord?id=CVE-2021-33195	external
https://nvd.nist.gov/vuln/detail/CVE-2021-33195	external
https://groups.google.com/g/golang-announce/c/RgC…	external
https://access.redhat.com/security/cve/CVE-2021-33197	self
https://bugzilla.redhat.com/show_bug.cgi?id=1989570	external
https://www.cve.org/CVERecord?id=CVE-2021-33197	external
https://nvd.nist.gov/vuln/detail/CVE-2021-33197	external
https://access.redhat.com/security/cve/CVE-2021-33198	self
https://bugzilla.redhat.com/show_bug.cgi?id=1989575	external
https://www.cve.org/CVERecord?id=CVE-2021-33198	external
https://nvd.nist.gov/vuln/detail/CVE-2021-33198	external
https://access.redhat.com/security/cve/CVE-2021-34558	self
https://bugzilla.redhat.com/show_bug.cgi?id=1983596	external
https://www.cve.org/CVERecord?id=CVE-2021-34558	external
https://nvd.nist.gov/vuln/detail/CVE-2021-34558	external
https://golang.org/doc/devel/release#go1.15.minor	external
https://golang.org/doc/devel/release#go1.16.minor	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Virtualization release 4.9.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.9.0 images:\n\nRHEL-8-CNV-4.9\n==============\nkubevirt-v2v-conversion-container-v4.9.0-9\nvm-import-controller-container-v4.9.0-15\ncnv-containernetworking-plugins-container-v4.9.0-15\nkubemacpool-container-v4.9.0-18\nvirtio-win-container-v4.9.0-8\nvm-import-operator-container-v4.9.0-15\nkubevirt-vmware-container-v4.9.0-8\nkubevirt-template-validator-container-v4.9.0-14\ncluster-network-addons-operator-container-v4.9.0-26\nkubernetes-nmstate-handler-container-v4.9.0-25\nnode-maintenance-operator-container-v4.9.0-13\nhostpath-provisioner-container-v4.9.0-6\nbridge-marker-container-v4.9.0-13\nkubevirt-ssp-operator-container-v4.9.0-28\novs-cni-marker-container-v4.9.0-16\novs-cni-plugin-container-v4.9.0-16\nvm-import-virtv2v-container-v4.9.0-15\nvirt-cdi-apiserver-container-v4.9.0-35\nvirt-cdi-cloner-container-v4.9.0-35\nvirt-cdi-uploadproxy-container-v4.9.0-35\nvirt-cdi-controller-container-v4.9.0-35\nhostpath-provisioner-operator-container-v4.9.0-15\nvirt-cdi-importer-container-v4.9.0-35\nvirt-cdi-uploadserver-container-v4.9.0-35\nvirt-cdi-operator-container-v4.9.0-35\nvirt-launcher-container-v4.9.0-58\nvirt-api-container-v4.9.0-58\nvirt-handler-container-v4.9.0-58\nvirt-operator-container-v4.9.0-58\nvirt-controller-container-v4.9.0-58\nvirt-artifacts-server-container-v4.9.0-58\nlibguestfs-tools-container-v4.9.0-58\ncnv-must-gather-container-v4.9.0-54\nhyperconverged-cluster-operator-container-v4.9.0-57\nhyperconverged-cluster-webhook-container-v4.9.0-57\nhco-bundle-registry-container-v4.9.0-249\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:4104",
        "url": "https://access.redhat.com/errata/RHSA-2021:4104"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1858777",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858777"
      },
      {
        "category": "external",
        "summary": "1891921",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891921"
      },
      {
        "category": "external",
        "summary": "1896469",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896469"
      },
      {
        "category": "external",
        "summary": "1903687",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903687"
      },
      {
        "category": "external",
        "summary": "1921650",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
      },
      {
        "category": "external",
        "summary": "1933043",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933043"
      },
      {
        "category": "external",
        "summary": "1935219",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935219"
      },
      {
        "category": "external",
        "summary": "1942726",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942726"
      },
      {
        "category": "external",
        "summary": "1943164",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943164"
      },
      {
        "category": "external",
        "summary": "1945589",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945589"
      },
      {
        "category": "external",
        "summary": "1953481",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953481"
      },
      {
        "category": "external",
        "summary": "1953483",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953483"
      },
      {
        "category": "external",
        "summary": "1953484",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953484"
      },
      {
        "category": "external",
        "summary": "1955129",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955129"
      },
      {
        "category": "external",
        "summary": "1957852",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957852"
      },
      {
        "category": "external",
        "summary": "1958341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
      },
      {
        "category": "external",
        "summary": "1963963",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963963"
      },
      {
        "category": "external",
        "summary": "1965050",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965050"
      },
      {
        "category": "external",
        "summary": "1973852",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973852"
      },
      {
        "category": "external",
        "summary": "1976604",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976604"
      },
      {
        "category": "external",
        "summary": "1976730",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976730"
      },
      {
        "category": "external",
        "summary": "1979631",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979631"
      },
      {
        "category": "external",
        "summary": "1979659",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979659"
      },
      {
        "category": "external",
        "summary": "1981345",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981345"
      },
      {
        "category": "external",
        "summary": "1983596",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
      },
      {
        "category": "external",
        "summary": "1985083",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985083"
      },
      {
        "category": "external",
        "summary": "1985649",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985649"
      },
      {
        "category": "external",
        "summary": "1985670",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985670"
      },
      {
        "category": "external",
        "summary": "1985719",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985719"
      },
      {
        "category": "external",
        "summary": "1989176",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989176"
      },
      {
        "category": "external",
        "summary": "1989263",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989263"
      },
      {
        "category": "external",
        "summary": "1989269",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989269"
      },
      {
        "category": "external",
        "summary": "1989564",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
      },
      {
        "category": "external",
        "summary": "1989570",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
      },
      {
        "category": "external",
        "summary": "1989575",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
      },
      {
        "category": "external",
        "summary": "1991691",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991691"
      },
      {
        "category": "external",
        "summary": "1992608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992608"
      },
      {
        "category": "external",
        "summary": "1993121",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993121"
      },
      {
        "category": "external",
        "summary": "1994389",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994389"
      },
      {
        "category": "external",
        "summary": "1995295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995295"
      },
      {
        "category": "external",
        "summary": "1996407",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996407"
      },
      {
        "category": "external",
        "summary": "1997014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997014"
      },
      {
        "category": "external",
        "summary": "1998054",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998054"
      },
      {
        "category": "external",
        "summary": "1998656",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998656"
      },
      {
        "category": "external",
        "summary": "1999571",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999571"
      },
      {
        "category": "external",
        "summary": "1999617",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999617"
      },
      {
        "category": "external",
        "summary": "1999835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999835"
      },
      {
        "category": "external",
        "summary": "2000052",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000052"
      },
      {
        "category": "external",
        "summary": "2000204",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000204"
      },
      {
        "category": "external",
        "summary": "2001041",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001041"
      },
      {
        "category": "external",
        "summary": "2001047",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001047"
      },
      {
        "category": "external",
        "summary": "2003473",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003473"
      },
      {
        "category": "external",
        "summary": "2005695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005695"
      },
      {
        "category": "external",
        "summary": "2006418",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006418"
      },
      {
        "category": "external",
        "summary": "2008900",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008900"
      },
      {
        "category": "external",
        "summary": "2010742",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010742"
      },
      {
        "category": "external",
        "summary": "2011179",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011179"
      },
      {
        "category": "external",
        "summary": "2017394",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017394"
      },
      {
        "category": "external",
        "summary": "2018521",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018521"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4104.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.0 Images security and bug fix update",
    "tracking": {
      "current_release_date": "2026-04-29T17:59:03+00:00",
      "generator": {
        "date": "2026-04-29T17:59:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2021:4104",
      "initial_release_date": "2021-11-02T15:55:53+00:00",
      "revision_history": [
        {
          "date": "2021-11-02T15:55:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-11-02T15:55:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-29T17:59:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "CNV 4.9 for RHEL 8",
                "product": {
                  "name": "CNV 4.9 for RHEL 8",
                  "product_id": "8Base-CNV-4.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
                "product": {
                  "name": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
                  "product_id": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.9.0-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
                "product": {
                  "name": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
                  "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.9.0-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
                "product": {
                  "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
                  "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.9.0-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
                "product": {
                  "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
                  "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.9.0-60"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
                "product": {
                  "name": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
                  "product_id": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.9.0-266"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
                  "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.9.0-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
                "product": {
                  "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
                  "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.9.0-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
                "product": {
                  "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
                  "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.9.0-59"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
                "product": {
                  "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
                  "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.9.0-59"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
                "product": {
                  "name": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
                  "product_id": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.9.0-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
                "product": {
                  "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
                  "product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.9.0-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
                  "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.9.0-28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
                  "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.9.0-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
                  "product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.9.0-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
                "product": {
                  "name": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
                  "product_id": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.9.0-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
                "product": {
                  "name": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
                  "product_id": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
                "product": {
                  "name": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
                  "product_id": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools-rhel8\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
                "product": {
                  "name": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
                  "product_id": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.9.0-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
                "product": {
                  "name": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
                  "product_id": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.9.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
                "product": {
                  "name": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
                  "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.9.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
                  "product_id": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
                  "product_id": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
                  "product_id": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server-rhel8\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.9.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.9.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.9.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.9.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.9.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.9.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
                  "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.9.0-37"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
                  "product_id": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
                  "product_id": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
                "product": {
                  "name": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
                  "product_id": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.9.0-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
                  "product_id": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
                "product": {
                  "name": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
                  "product_id": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.9.0-61"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
                  "product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.9.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
                  "product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.9.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64",
                "product": {
                  "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64",
                  "product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.9.0-16"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64"
        },
        "product_reference": "container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64"
        },
        "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64"
        },
        "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64"
        },
        "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64"
        },
        "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64"
        },
        "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64"
        },
        "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64"
        },
        "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64"
        },
        "product_reference": "container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64"
        },
        "product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64"
        },
        "product_reference": "container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64"
        },
        "product_reference": "container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64"
        },
        "product_reference": "container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64"
        },
        "product_reference": "container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64"
        },
        "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64"
        },
        "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64"
        },
        "product_reference": "container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64"
        },
        "product_reference": "container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64"
        },
        "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
        },
        "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64"
        },
        "product_reference": "container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64"
        },
        "product_reference": "container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64"
        },
        "product_reference": "container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64"
        },
        "product_reference": "container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64"
        },
        "product_reference": "container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64"
        },
        "product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64"
        },
        "product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64 as a component of CNV 4.9 for RHEL 8",
          "product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
        },
        "product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64",
        "relates_to_product_reference": "8Base-CNV-4.9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3121",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "discovery_date": "2021-01-28T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1921650"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) all include code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for OCP, OSSM and RHOSJ.\n\nOpenShift Virtualization includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no component of OpenShift Virtualization is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no RHACM component is accepting  protobuf messages from unauthenticated sources and are used with a limited scope, hence this vulnerability is rated Moderate for RHACM.\n\nRed Hat Cluster Application Migration (CAM) includes code generated by github.com/gogo/protobuf to parse protobuf messages. However, no CAM component is known to accept protobuf messages from unauthenticated sources, hence this vulnerability is rated Moderate for CAM.\n\nCryostat-2 is affected as it does ship gogo/protobuf library with it\u0027s distribution but the only use for Protobuf would be the Kubernetes/OpenShift API server the operator communicates with and it should be authenticated hence it is affected with Moderate impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3121"
        },
        {
          "category": "external",
          "summary": "RHBZ#1921650",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921650"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
        }
      ],
      "release_date": "2021-01-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-02T15:55:53+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4104"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation"
    },
    {
      "cve": "CVE-2021-31525",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2021-05-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1958341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-31525"
        },
        {
          "category": "external",
          "summary": "RHBZ#1958341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
          "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
        }
      ],
      "release_date": "2021-04-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-02T15:55:53+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4104"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header"
    },
    {
      "cve": "CVE-2021-33195",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-08-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1989564"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net: lookup functions may return invalid host names",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-33195"
        },
        {
          "category": "external",
          "summary": "RHBZ#1989564",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989564"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33195"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
          "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
        }
      ],
      "release_date": "2021-05-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-02T15:55:53+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4104"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net: lookup functions may return invalid host names"
    },
    {
      "cve": "CVE-2021-33197",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-08-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1989570"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-33197"
        },
        {
          "category": "external",
          "summary": "RHBZ#1989570",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989570"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33197",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33197"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
          "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
        }
      ],
      "release_date": "2021-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-02T15:55:53+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4104"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty"
    },
    {
      "cve": "CVE-2021-33198",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-08-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1989575"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-33198"
        },
        {
          "category": "external",
          "summary": "RHBZ#1989575",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989575"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33198",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33198"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
          "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
        }
      ],
      "release_date": "2021-03-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-02T15:55:53+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4104"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents"
    },
    {
      "cve": "CVE-2021-34558",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-07-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1983596"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate\u0027s private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0\u20131.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n    - OpenShift Container Platform\n    - OpenShift distributed tracing (formerly OpenShift Jaeger)\n    - OpenShift Migration Toolkit for Containers\n    - Red Hat Advanced Cluster Management for Kubernetes\n    - Red Hat OpenShift on AWS\n    - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF1.2\u0027s containers.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
        ],
        "known_not_affected": [
          "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
          "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
          "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
          "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
          "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
          "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
          "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-34558"
        },
        {
          "category": "external",
          "summary": "RHBZ#1983596",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983596"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-34558",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34558"
        },
        {
          "category": "external",
          "summary": "https://golang.org/doc/devel/release#go1.15.minor",
          "url": "https://golang.org/doc/devel/release#go1.15.minor"
        },
        {
          "category": "external",
          "summary": "https://golang.org/doc/devel/release#go1.16.minor",
          "url": "https://golang.org/doc/devel/release#go1.16.minor"
        }
      ],
      "release_date": "2021-07-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-11-02T15:55:53+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:4104"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:3ca4ad49caa78f772298b84bca2bc0bbc9e440ab248de857b4f7b37139cfe69e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:8726e5e35ee4b31c66104e7c8e406d7b5040342954e0338ed548b5b2b1db583b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:ee27c1fee061e3c012e223821510d81bdbedc2f4dcce6b6a1df3ee4e7ee8d95b_amd64",
            "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:ae296e5e29cb28b018708c511413c9b442e00adeeab117f55ef11aa697815cc5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:9a47e7f71bfd82a6bae03581c93c0b24bc56e60edf1f67956b48376467a82d3a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64",
            "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:fb78148f30401dc81acd1ad71b8c158b6da1ab9a4cd5a3988cc6dfd84f89d0fd_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:a2140a25b75110f2353f88bcdcc6cbddeea41efd2b653242b8a3426f82cf060f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:7588b962baa2a7905775ecbf455f9a7c7ae77bcdeb8c59fd592019190f032fba_amd64",
            "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools-rhel8@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:14d2899027eeb27b2d6f6f0f3c3a67fb1bc14e15ca5371f51c936103e679b148_amd64",
            "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64",
            "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:c3398a7e793e928e085b2f1ac718f875d38b0be36a6eb9a4f8365b116f6d3606_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:3aea2b6db027a2419f26bdb1b74b1d3ca09e6675180a46cefac45dd96516c6c5_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:a7510b66fe8331591ba7d612eea04995f5ef42c10a0380f957b5e4b8be17fe8e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:f94eabaa002e1c2ae6ec927744da1bfa77a87403bbbedf6bb079746e6b4d1ebc_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:c74085b7378db3caeeb89e9d895cc84a7d5eaf6d95e9d79f3556574c96444fda_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:c26dd3e565e9cad198f9ac6fb64e0ce03a1cb0d285971b75289d5055265546e6_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:784677fe9a730b807874b4f0cd6af672fd0ee0fa0af6172e1e1b435976abf96e_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:86776c0fb82c7d2e3c2bfb9f0db0768eca7d54c9875d30e2137e07e744b15b5a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:4fc9209b2235bdd882b71a473e8b2c2491f9dfd2597c5fc4c2279ed843f23b05_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:ae293aa279c552d60530dd75a9ad3eee349e404766d799cd07050dd34ab41a6d_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64",
            "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang: crypto/tls: certificate of wrong type is causing TLS client to panic"
    }
  ]
}

CVE-2021-33198 (GCVE-0-2021-33198)

Vulnerability from cvelistv5 – Published: 2021-08-02 18:55 – Updated: 2024-08-03 23:42

Summary

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
https://groups.google.com/g/golang-announce	x_refsource_MISC
https://groups.google.com/g/golang-announce/c/RgC…	x_refsource_MISC
https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:20.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-04T15:10:49.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33198",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/golang-announce",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce"
            },
            {
              "name": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
            },
            {
              "name": "GLSA-202208-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33198",
    "datePublished": "2021-08-02T18:55:53.000Z",
    "dateReserved": "2021-05-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:42:20.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34558 (GCVE-0-2021-34558)

Vulnerability from cvelistv5 – Published: 2021-07-15 13:47 – Updated: 2024-08-04 00:12

Summary

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

16 references

URL	Tags
https://groups.google.com/g/golang-announce	x_refsource_MISC
https://golang.org/doc/devel/release#go1.16.minor	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://groups.google.com/g/golang-announce/c/n9F…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021081…	x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:12:50.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://golang.org/doc/devel/release#go1.16.minor"
          },
          {
            "name": "FEDORA-2021-25c0011e78",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/"
          },
          {
            "name": "FEDORA-2021-1bfb61f77c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/"
          },
          {
            "name": "FEDORA-2021-3a55403080",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/"
          },
          {
            "name": "FEDORA-2021-47d259d3cf",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/"
          },
          {
            "name": "FEDORA-2021-6ac9b98f9e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/"
          },
          {
            "name": "FEDORA-2021-07e4d20196",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/"
          },
          {
            "name": "FEDORA-2021-ffa749f7f7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/"
          },
          {
            "name": "FEDORA-2021-54f88bebd4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/"
          },
          {
            "name": "FEDORA-2021-c35235c250",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210813-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-04T15:10:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://golang.org/doc/devel/release#go1.16.minor"
        },
        {
          "name": "FEDORA-2021-25c0011e78",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/"
        },
        {
          "name": "FEDORA-2021-1bfb61f77c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/"
        },
        {
          "name": "FEDORA-2021-3a55403080",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/"
        },
        {
          "name": "FEDORA-2021-47d259d3cf",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/"
        },
        {
          "name": "FEDORA-2021-6ac9b98f9e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/"
        },
        {
          "name": "FEDORA-2021-07e4d20196",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/"
        },
        {
          "name": "FEDORA-2021-ffa749f7f7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/"
        },
        {
          "name": "FEDORA-2021-54f88bebd4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/"
        },
        {
          "name": "FEDORA-2021-c35235c250",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210813-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-34558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/golang-announce",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce"
            },
            {
              "name": "https://golang.org/doc/devel/release#go1.16.minor",
              "refsource": "MISC",
              "url": "https://golang.org/doc/devel/release#go1.16.minor"
            },
            {
              "name": "FEDORA-2021-25c0011e78",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/"
            },
            {
              "name": "FEDORA-2021-1bfb61f77c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/"
            },
            {
              "name": "FEDORA-2021-3a55403080",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/"
            },
            {
              "name": "FEDORA-2021-47d259d3cf",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/"
            },
            {
              "name": "FEDORA-2021-6ac9b98f9e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/"
            },
            {
              "name": "FEDORA-2021-07e4d20196",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/"
            },
            {
              "name": "FEDORA-2021-ffa749f7f7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/"
            },
            {
              "name": "FEDORA-2021-54f88bebd4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/"
            },
            {
              "name": "FEDORA-2021-c35235c250",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210813-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210813-0005/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "GLSA-202208-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-34558",
    "datePublished": "2021-07-15T13:47:36.000Z",
    "dateReserved": "2021-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:12:50.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33197 (GCVE-0-2021-33197)

Vulnerability from cvelistv5 – Published: 2021-08-02 18:54 – Updated: 2024-08-03 23:42

Summary

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
https://groups.google.com/g/golang-announce	x_refsource_MISC
https://groups.google.com/g/golang-announce/c/RgC…	x_refsource_MISC
https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:20.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-04T15:08:48.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33197",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/golang-announce",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce"
            },
            {
              "name": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
            },
            {
              "name": "GLSA-202208-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33197",
    "datePublished": "2021-08-02T18:54:45.000Z",
    "dateReserved": "2021-05-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:42:20.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3121 (GCVE-0-2021-3121)

Vulnerability from cvelistv5 – Published: 2021-01-11 05:57 – Updated: 2024-08-03 16:45

Summary

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/gogo/protobuf/commit/b03c65ea8…	x_refsource_MISC
https://github.com/gogo/protobuf/compare/v1.3.1..…	x_refsource_MISC
https://lists.apache.org/thread.html/r88d69555cb7…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc1e9ff22c56…	mailing-listx_refsource_MLIST
https://security.netapp.com/advisory/ntap-2021021…	x_refsource_CONFIRM
https://discuss.hashicorp.com/t/hcsec-2021-23-con…	x_refsource_MISC
https://lists.apache.org/thread.html/r68032132c03…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:51.251Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
          },
          {
            "name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
          },
          {
            "name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-18T05:06:11.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
        },
        {
          "name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
        },
        {
          "name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-3121",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
              "refsource": "MISC",
              "url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
            },
            {
              "name": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
              "refsource": "MISC",
              "url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
            },
            {
              "name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210219-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
            },
            {
              "name": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
              "refsource": "MISC",
              "url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
            },
            {
              "name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-3121",
    "datePublished": "2021-01-11T05:57:18.000Z",
    "dateReserved": "2021-01-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T16:45:51.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31525 (GCVE-0-2021-31525)

Vulnerability from cvelistv5 – Published: 2021-05-27 12:17 – Updated: 2024-08-03 23:03

Summary

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
https://groups.google.com/g/golang-announce/c/cu9…	x_refsource_MISC
https://github.com/golang/go/issues/45710	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/golang/go/issues/45710"
          },
          {
            "name": "FEDORA-2021-ee3c072cd0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-04T15:07:55.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/golang/go/issues/45710"
        },
        {
          "name": "FEDORA-2021-ee3c072cd0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-31525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc"
            },
            {
              "name": "https://github.com/golang/go/issues/45710",
              "refsource": "MISC",
              "url": "https://github.com/golang/go/issues/45710"
            },
            {
              "name": "FEDORA-2021-ee3c072cd0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRZZ6NY5R2TBYE72KZFOCO25TEUQTBF/"
            },
            {
              "name": "GLSA-202208-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-31525",
    "datePublished": "2021-05-27T12:17:11.000Z",
    "dateReserved": "2021-04-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:03:33.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33195 (GCVE-0-2021-33195)

Vulnerability from cvelistv5 – Published: 2021-08-02 18:51 – Updated: 2024-08-03 23:42

Summary

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
https://groups.google.com/g/golang-announce	x_refsource_MISC
https://groups.google.com/g/golang-announce/c/RgC…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021090…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:20.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-04T15:07:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/golang-announce",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce"
            },
            {
              "name": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210902-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210902-0005/"
            },
            {
              "name": "GLSA-202208-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33195",
    "datePublished": "2021-08-02T18:51:34.000Z",
    "dateReserved": "2021-05-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:42:20.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2021:4104

CVE-2021-33198 (GCVE-0-2021-33198)

CVE-2021-34558 (GCVE-0-2021-34558)

CVE-2021-33197 (GCVE-0-2021-33197)

CVE-2021-3121 (GCVE-0-2021-3121)

CVE-2021-31525 (GCVE-0-2021-31525)

CVE-2021-33195 (GCVE-0-2021-33195)

Tags

Sightings

Nomenclature