csaf_redhat - rhsa-2022

rhsa-2022_1081

Vulnerability from csaf_redhat

Published

2022-03-28 14:14

Modified

2024-09-18 04:47

Summary

Red Hat Security Advisory: Gatekeeper Operator v0.2 security updates and bug fixes

Notes

Topic

Gatekeeper Operator v0.2 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Note: Gatekeeper support from the Red Hat support team is limited cases where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/. Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Gatekeeper Operator v0.2\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include security updates, and container upgrades.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\nNote: Gatekeeper support from the Red Hat support team is limited cases\nwhere it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/.\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:1081",
        "url": "https://access.redhat.com/errata/RHSA-2022:1081"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/",
        "url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
      },
      {
        "category": "external",
        "summary": "2030787",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
      },
      {
        "category": "external",
        "summary": "2053429",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_1081.json"
      }
    ],
    "title": "Red Hat Security Advisory: Gatekeeper Operator v0.2 security updates and bug fixes",
    "tracking": {
      "current_release_date": "2024-09-18T04:47:32+00:00",
      "generator": {
        "date": "2024-09-18T04:47:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2022:1081",
      "initial_release_date": "2022-03-28T14:14:19+00:00",
      "revision_history": [
        {
          "date": "2022-03-28T14:14:19+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-03-28T14:14:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-18T04:47:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
                "product": {
                  "name": "Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
                  "product_id": "8Base-RHACM-2.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:acm:2.3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat ACM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x",
                "product": {
                  "name": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x",
                  "product_id": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8\u0026tag=v3.5.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
                "product": {
                  "name": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
                  "product_id": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8-operator\u0026tag=v0.2.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
                "product": {
                  "name": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
                  "product_id": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8\u0026tag=v3.5.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
                "product": {
                  "name": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
                  "product_id": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-operator-bundle\u0026tag=v0.2.2-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
                "product": {
                  "name": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
                  "product_id": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-operator-bundle\u0026tag=v0.2.2-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
                "product": {
                  "name": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
                  "product_id": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8-operator\u0026tag=v0.2.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
                "product": {
                  "name": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
                  "product_id": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8\u0026tag=v3.5.3-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
                "product": {
                  "name": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
                  "product_id": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/gatekeeper-rhel8-operator\u0026tag=v0.2.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
          "product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64"
        },
        "product_reference": "rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
          "product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
        },
        "product_reference": "rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
          "product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x"
        },
        "product_reference": "rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
          "product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le"
        },
        "product_reference": "rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
        "relates_to_product_reference": "8Base-RHACM-2.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
          "product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64"
        },
        "product_reference": "rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
          "product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le"
        },
        "product_reference": "rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
        "relates_to_product_reference": "8Base-RHACM-2.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
          "product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64"
        },
        "product_reference": "rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
        "relates_to_product_reference": "8Base-RHACM-2.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8",
          "product_id": "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
        },
        "product_reference": "rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x",
        "relates_to_product_reference": "8Base-RHACM-2.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-43565",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2030787"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "There\u0027s an input validation flaw in golang.org/x/crypto\u0027s readCipherPacket() function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto: empty plaintext packet causes panic",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "go-toolset shipped with Red Hat Developer Tools - Compilers and golang shipped with Red Hat Enterprise Linux 8 are not affected by this flaw because they do not ship the vulnerable code.\n\nThis flaw was rated to have a Moderate impact because it is not shipped in the Golang standard library and thus has a reduced impact to products compared with other flaws of this type.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
        ],
        "known_not_affected": [
          "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-43565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2030787",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030787"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
        }
      ],
      "release_date": "2021-12-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThe requirements to apply the upgraded images are different whether or not you\nused the operator. Complete the following steps, depending on your installation:\n\n- Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy has\n`installPlanApproval` set to `Automatic`. This setting means the operator will\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for `installPlanApproval` to `manual`, then you must view each cluster to manually\napprove the upgrade to the operator.\n\n- Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9.\nb) Click the tag dropdown, and find the latest static tag. An example tag is\n\u0027v3.3.0-1\u0027.\nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image: \u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027.\n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.",
          "product_ids": [
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:1081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/crypto: empty plaintext packet causes panic"
    },
    {
      "cve": "CVE-2022-23806",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
        ],
        "known_not_affected": [
          "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:45d089924f550f50ed5c1e56b249bcd7aeb29ff502bb80b8bdf05bac8a3bc394_amd64",
          "8Base-RHACM-2.3:rhacm2/gatekeeper-operator-bundle@sha256:76266d3bcfb843cf80ace7abe79fba09b984cb36b7dad7812370acb6262308bc_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThe requirements to apply the upgraded images are different whether or not you\nused the operator. Complete the following steps, depending on your installation:\n\n- Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy has\n`installPlanApproval` set to `Automatic`. This setting means the operator will\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for `installPlanApproval` to `manual`, then you must view each cluster to manually\napprove the upgrade to the operator.\n\n- Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9.\nb) Click the tag dropdown, and find the latest static tag. An example tag is\n\u0027v3.3.0-1\u0027.\nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image: \u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027.\n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.",
          "product_ids": [
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:1081"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:06555a7497d61e8d3f8612e8cf658d382b0279b2850d5a6f0b0dcbf8d0c98294_s390x",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:25cddac648fa256c3abbaef51fd4a461f9b5afffe4dbd08468da5ff81b3776c3_ppc64le",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8-operator@sha256:be273eb43e32a98c725529671aeef0533bd2e60efe885543d3573acf11520c3e_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:00c9cfa2427ecead3699f5d549ad0ccda9ac9072974375cc9fa0590a344e1218_ppc64le",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:045964790917c08dfde185f61f14c5bcf72f3ecca974b9a88a3888656517d852_amd64",
            "8Base-RHACM-2.3:rhacm2/gatekeeper-rhel8@sha256:8b9bea2f45a38841696cd9f889a976e10cac826e92459c7ef32a953faa375942_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
    }
  ]
}

cve-2021-43565

Vulnerability from cvelistv5

Published

2022-09-06 17:03

Modified

2024-08-04 04:03

Severity

Summary

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

References

URL	Tags
https://groups.google.com/forum/#%21forum/golang-announce	x_refsource_MISC
https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs	x_refsource_CONFIRM

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:03:07.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21forum/golang-announce"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-06T17:03:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/forum/#%21forum/golang-announce"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-43565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!forum/golang-announce",
              "refsource": "MISC",
              "url": "https://groups.google.com/forum/#!forum/golang-announce"
            },
            {
              "name": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-43565",
    "datePublished": "2022-09-06T17:03:42",
    "dateReserved": "2021-11-09T00:00:00",
    "dateUpdated": "2024-08-04T04:03:07.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23806

Vulnerability from cvelistv5

Published

2022-02-11 00:00

Modified

2024-08-03 03:51

Severity

Summary

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

References

URL	Tags
https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html	mailing-list
https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html	mailing-list
https://www.oracle.com/security-alerts/cpujul2022.html
https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
https://security.netapp.com/advisory/ntap-20220225-0006/
https://security.gentoo.org/glsa/202208-02	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html	mailing-list

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
          },
          {
            "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          },
          {
            "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-19T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
        },
        {
          "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        },
        {
          "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-23806",
    "datePublished": "2022-02-11T00:00:00",
    "dateReserved": "2022-01-21T00:00:00",
    "dateUpdated": "2024-08-03T03:51:45.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2022_1081

Vulnerability from csaf_redhat

cve-2021-43565

Vulnerability from cvelistv5

cve-2022-23806

Vulnerability from cvelistv5

Tags