Vulnerability-Lookup

RHSA-2022_5729

Vulnerability from csaf_redhat - Published: 2022-08-01 11:18 - Updated: 2024-12-17 21:58

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.10.25 security update

Severity

Moderate

Notes

Topic: Red Hat OpenShift Container Platform release 4.10.25 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2022:5730 Security Fix(es): * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-23773

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-1220 - Insufficient Granularity of Access Control

Affected products

Fixed 16 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix

Known not affected 53 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—

Threats

Impact Moderate

CVE-2022-23806

A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE-252 - Unchecked Return Value

Affected products

Fixed 16 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix

Known not affected 53 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—

Threats

Impact Moderate

CVE-2022-24675

A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Fixed 16 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix

Known not affected 53 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—

Threats

Impact Moderate

CVE-2022-24921

A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 32 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix

Known not affected 37 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—

Threats

Impact Moderate

CVE-2022-28327

An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-190 - Integer Overflow or Wraparound

Affected products

Fixed 16 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64	—	Vendor Fix fix

Known not affected 53 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—

Threats

Impact Moderate

CVE-2022-29526

A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

Affected products

Fixed 37 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64	—	Vendor Fix fix

Known not affected 32 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch		—

Threats

Impact Moderate

References

33 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:5729	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-23773	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053541	external
https://www.cve.org/CVERecord?id=CVE-2022-23773	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23773	external
https://groups.google.com/g/golang-announce/c/SUs…	external
https://access.redhat.com/security/cve/CVE-2022-23806	self
https://bugzilla.redhat.com/show_bug.cgi?id=2053429	external
https://www.cve.org/CVERecord?id=CVE-2022-23806	external
https://nvd.nist.gov/vuln/detail/CVE-2022-23806	external
https://access.redhat.com/security/cve/CVE-2022-24675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077688	external
https://www.cve.org/CVERecord?id=CVE-2022-24675	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24675	external
https://groups.google.com/g/golang-announce/c/oec…	external
https://access.redhat.com/security/cve/CVE-2022-24921	self
https://bugzilla.redhat.com/show_bug.cgi?id=2064857	external
https://www.cve.org/CVERecord?id=CVE-2022-24921	external
https://nvd.nist.gov/vuln/detail/CVE-2022-24921	external
https://groups.google.com/g/golang-announce/c/RP1…	external
https://access.redhat.com/security/cve/CVE-2022-28327	self
https://bugzilla.redhat.com/show_bug.cgi?id=2077689	external
https://www.cve.org/CVERecord?id=CVE-2022-28327	external
https://nvd.nist.gov/vuln/detail/CVE-2022-28327	external
https://access.redhat.com/security/cve/CVE-2022-29526	self
https://bugzilla.redhat.com/show_bug.cgi?id=2084085	external
https://www.cve.org/CVERecord?id=CVE-2022-29526	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29526	external
https://groups.google.com/g/golang-announce/c/Y5q…	external

Acknowledgments

Joël Gähwiler

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.10.25 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.10.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.25. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:5730\n\nSecurity Fix(es):\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:5729",
        "url": "https://access.redhat.com/errata/RHSA-2022:5729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2064857",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
      },
      {
        "category": "external",
        "summary": "2077688",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5729.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.10.25 security update",
    "tracking": {
      "current_release_date": "2024-12-17T21:58:54+00:00",
      "generator": {
        "date": "2024-12-17T21:58:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2022:5729",
      "initial_release_date": "2022-08-01T11:18:52+00:00",
      "revision_history": [
        {
          "date": "2022-08-01T11:18:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-08-01T11:18:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-17T21:58:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.10",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.10",
                  "product_id": "8Base-RHOSE-4.10",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.10::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.10",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.10",
                  "product_id": "7Server-RH7-RHOSE-4.10",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.10::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
                  "product_id": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
                "product": {
                  "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
                  "product_id": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.23.0-1.1.el8.src",
                "product": {
                  "name": "cri-tools-0:1.23.0-1.1.el8.src",
                  "product_id": "cri-tools-0:1.23.0-1.1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.23.0-1.1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
                "product": {
                  "name": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
                  "product_id": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift@4.10.0-202207192015.p0.g012e945.assembly.stream.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
                "product": {
                  "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
                  "product_id": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.10.0-202207192015.p0.g1e68436.assembly.stream.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
                "product": {
                  "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
                  "product_id": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202207192015.p0.g45460a5.assembly.stream.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
                "product": {
                  "name": "openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
                  "product_id": "openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr@4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
                "product": {
                  "name": "openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
                  "product_id": "openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-ironic@19.0.1-0.20220712154507.f14c488.el8?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
                "product": {
                  "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
                  "product_id": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.23.3-11.rhaos4.10.gitddf4b1a.1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.23.0-1.1.el7.src",
                "product": {
                  "name": "cri-tools-0:1.23.0-1.1.el7.src",
                  "product_id": "cri-tools-0:1.23.0-1.1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.23.0-1.1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
                "product": {
                  "name": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
                  "product_id": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift@4.10.0-202207192015.p0.g012e945.assembly.stream.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
                "product": {
                  "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
                  "product_id": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.10.0-202207192015.p0.g1e68436.assembly.stream.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
                "product": {
                  "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
                  "product_id": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202207192015.p0.g45460a5.assembly.stream.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
                  "product_id": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                "product": {
                  "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                  "product_id": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                "product": {
                  "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                  "product_id": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                "product": {
                  "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                  "product_id": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.23.0-1.1.el8.x86_64",
                "product": {
                  "name": "cri-tools-0:1.23.0-1.1.el8.x86_64",
                  "product_id": "cri-tools-0:1.23.0-1.1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.23.0-1.1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
                "product": {
                  "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
                  "product_id": "cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.23.0-1.1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
                  "product_id": "cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.23.0-1.1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
                "product": {
                  "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
                  "product_id": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202207192015.p0.g012e945.assembly.stream.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
                "product": {
                  "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
                  "product_id": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202207192015.p0.g45460a5.assembly.stream.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
                "product": {
                  "name": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
                  "product_id": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.10.0-202207192015.p0.g45460a5.assembly.stream.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
                "product": {
                  "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
                  "product_id": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.23.3-11.rhaos4.10.gitddf4b1a.1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
                "product": {
                  "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
                  "product_id": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.3-11.rhaos4.10.gitddf4b1a.1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.23.0-1.1.el7.x86_64",
                "product": {
                  "name": "cri-tools-0:1.23.0-1.1.el7.x86_64",
                  "product_id": "cri-tools-0:1.23.0-1.1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.23.0-1.1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
                  "product_id": "cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.23.0-1.1.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
                "product": {
                  "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
                  "product_id": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202207192015.p0.g012e945.assembly.stream.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
                "product": {
                  "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
                  "product_id": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202207192015.p0.g45460a5.assembly.stream.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
                "product": {
                  "name": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
                  "product_id": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.10.0-202207192015.p0.g45460a5.assembly.stream.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
                  "product_id": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                "product": {
                  "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                  "product_id": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                "product": {
                  "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                  "product_id": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                "product": {
                  "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                  "product_id": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.23.0-1.1.el8.aarch64",
                "product": {
                  "name": "cri-tools-0:1.23.0-1.1.el8.aarch64",
                  "product_id": "cri-tools-0:1.23.0-1.1.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.23.0-1.1.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
                "product": {
                  "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
                  "product_id": "cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.23.0-1.1.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
                  "product_id": "cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.23.0-1.1.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
                "product": {
                  "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
                  "product_id": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202207192015.p0.g012e945.assembly.stream.el8?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
                "product": {
                  "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
                  "product_id": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202207192015.p0.g45460a5.assembly.stream.el8?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
                  "product_id": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                "product": {
                  "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                  "product_id": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                "product": {
                  "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                  "product_id": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                "product": {
                  "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                  "product_id": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.23.0-1.1.el8.ppc64le",
                "product": {
                  "name": "cri-tools-0:1.23.0-1.1.el8.ppc64le",
                  "product_id": "cri-tools-0:1.23.0-1.1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.23.0-1.1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
                "product": {
                  "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
                  "product_id": "cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.23.0-1.1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
                  "product_id": "cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.23.0-1.1.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
                "product": {
                  "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
                  "product_id": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202207192015.p0.g012e945.assembly.stream.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
                "product": {
                  "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
                  "product_id": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202207192015.p0.g45460a5.assembly.stream.el8?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
                  "product_id": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                "product": {
                  "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                  "product_id": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                "product": {
                  "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                  "product_id": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                "product": {
                  "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                  "product_id": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.3-11.rhaos4.10.gitddf4b1a.1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.23.0-1.1.el8.s390x",
                "product": {
                  "name": "cri-tools-0:1.23.0-1.1.el8.s390x",
                  "product_id": "cri-tools-0:1.23.0-1.1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.23.0-1.1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
                "product": {
                  "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
                  "product_id": "cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.23.0-1.1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
                  "product_id": "cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.23.0-1.1.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
                "product": {
                  "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
                  "product_id": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202207192015.p0.g012e945.assembly.stream.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
                "product": {
                  "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
                  "product_id": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202207192015.p0.g45460a5.assembly.stream.el8?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
                "product": {
                  "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
                  "product_id": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.10.0-202207192015.p0.g1e68436.assembly.stream.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
                "product": {
                  "name": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
                  "product_id": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-test@4.10.0-202207192015.p0.g1e68436.assembly.stream.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                  "product_id": "openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                  "product_id": "openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                  "product_id": "openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                "product": {
                  "name": "python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                  "product_id": "python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                "product": {
                  "name": "openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                  "product_id": "openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-ironic-api@19.0.1-0.20220712154507.f14c488.el8?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                "product": {
                  "name": "openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                  "product_id": "openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-ironic-common@19.0.1-0.20220712154507.f14c488.el8?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                "product": {
                  "name": "openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                  "product_id": "openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-ironic-conductor@19.0.1-0.20220712154507.f14c488.el8?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                "product": {
                  "name": "python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                  "product_id": "python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ironic-tests@19.0.1-0.20220712154507.f14c488.el8?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
                  "product_id": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.10.0-202207192015.p0.g1e68436.assembly.stream.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
                "product": {
                  "name": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
                  "product_id": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-test@4.10.0-202207192015.p0.g1e68436.assembly.stream.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src"
        },
        "product_reference": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64"
        },
        "product_reference": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64"
        },
        "product_reference": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.23.0-1.1.el7.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src"
        },
        "product_reference": "cri-tools-0:1.23.0-1.1.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.23.0-1.1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64"
        },
        "product_reference": "cri-tools-0:1.23.0-1.1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64"
        },
        "product_reference": "cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src"
        },
        "product_reference": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src"
        },
        "product_reference": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch"
        },
        "product_reference": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src"
        },
        "product_reference": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64"
        },
        "product_reference": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64"
        },
        "product_reference": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64"
        },
        "product_reference": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64"
        },
        "product_reference": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le"
        },
        "product_reference": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x"
        },
        "product_reference": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src"
        },
        "product_reference": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64"
        },
        "product_reference": "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64"
        },
        "product_reference": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le"
        },
        "product_reference": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x"
        },
        "product_reference": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64"
        },
        "product_reference": "cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64"
        },
        "product_reference": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le"
        },
        "product_reference": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x"
        },
        "product_reference": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64"
        },
        "product_reference": "cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.23.0-1.1.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64"
        },
        "product_reference": "cri-tools-0:1.23.0-1.1.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.23.0-1.1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le"
        },
        "product_reference": "cri-tools-0:1.23.0-1.1.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.23.0-1.1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x"
        },
        "product_reference": "cri-tools-0:1.23.0-1.1.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.23.0-1.1.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src"
        },
        "product_reference": "cri-tools-0:1.23.0-1.1.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.23.0-1.1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64"
        },
        "product_reference": "cri-tools-0:1.23.0-1.1.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64"
        },
        "product_reference": "cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le"
        },
        "product_reference": "cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x"
        },
        "product_reference": "cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64"
        },
        "product_reference": "cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64"
        },
        "product_reference": "cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le"
        },
        "product_reference": "cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x"
        },
        "product_reference": "cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
        },
        "product_reference": "cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src"
        },
        "product_reference": "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch"
        },
        "product_reference": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src"
        },
        "product_reference": "openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch"
        },
        "product_reference": "openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64"
        },
        "product_reference": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le"
        },
        "product_reference": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x"
        },
        "product_reference": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src"
        },
        "product_reference": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64"
        },
        "product_reference": "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64"
        },
        "product_reference": "openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64"
        },
        "product_reference": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le"
        },
        "product_reference": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x"
        },
        "product_reference": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64"
        },
        "product_reference": "openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src"
        },
        "product_reference": "openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        },
        "product_reference": "openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        },
        "product_reference": "openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        },
        "product_reference": "openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src"
        },
        "product_reference": "openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch"
        },
        "product_reference": "openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch"
        },
        "product_reference": "openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch"
        },
        "product_reference": "openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch"
        },
        "product_reference": "python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10",
          "product_id": "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        },
        "product_reference": "python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.10"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-23773",
      "cwe": {
        "id": "CWE-1220",
        "name": "Insufficient Granularity of Access Control"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053541"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
          "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053541",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-01T11:18:52+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5729"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
    },
    {
      "cve": "CVE-2022-23806",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "discovery_date": "2022-02-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053429"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
          "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053429",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        }
      ],
      "release_date": "2022-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-01T11:18:52+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5729"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
    },
    {
      "cve": "CVE-2022-24675",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077688"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: encoding/pem: fix stack overflow in Decode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
          "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077688",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-01T11:18:52+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5729"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: encoding/pem: fix stack overflow in Decode"
    },
    {
      "cve": "CVE-2022-24921",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-03-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2064857"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: regexp: stack exhaustion via a deeply nested expression",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
          "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "RHBZ#2064857",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
          "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
        }
      ],
      "release_date": "2022-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-01T11:18:52+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5729"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: regexp: stack exhaustion via a deeply nested expression"
    },
    {
      "cve": "CVE-2022-28327",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2022-04-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2077689"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: panic caused by oversized scalar",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
          "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "RHBZ#2077689",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        }
      ],
      "release_date": "2022-04-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-01T11:18:52+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5729"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: panic caused by oversized scalar"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00ebl G\u00e4hwiler"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-29526",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "discovery_date": "2022-05-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2084085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: syscall: faccessat checks wrong group",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
          "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
          "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
          "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
          "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
          "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
          "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
          "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
          "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
          "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "RHBZ#2084085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        }
      ],
      "release_date": "2022-05-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-01T11:18:52+00:00",
          "details": "For OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5729"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.src",
            "7Server-RH7-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el7.noarch",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.src",
            "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7.x86_64",
            "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7.x86_64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.src",
            "8Base-RHOSE-4.10:cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.src",
            "8Base-RHOSE-4.10:cri-tools-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debuginfo-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.aarch64",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.ppc64le",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.s390x",
            "8Base-RHOSE-4.10:cri-tools-debugsource-0:1.23.0-1.1.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-ansible-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-ansible-test-0:4.10.0-202207192015.p0.g1e68436.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.aarch64",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.ppc64le",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.s390x",
            "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el8.x86_64",
            "8Base-RHOSE-4.10:openshift-kuryr-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.src",
            "8Base-RHOSE-4.10:openshift-kuryr-cni-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-common-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openshift-kuryr-controller-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-1:19.0.1-0.20220712154507.f14c488.el8.src",
            "8Base-RHOSE-4.10:openstack-ironic-api-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-common-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:openstack-ironic-conductor-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-ironic-tests-1:19.0.1-0.20220712154507.f14c488.el8.noarch",
            "8Base-RHOSE-4.10:python3-kuryr-kubernetes-0:4.10.0-202207192015.p0.ge96efa4.assembly.stream.el8.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: syscall: faccessat checks wrong group"
    }
  ]
}

CVE-2022-29526 (GCVE-0-2022-29526)

Vulnerability from cvelistv5 – Published: 2022-06-22 13:15 – Updated: 2024-08-03 06:26

Summary

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
https://groups.google.com/g/golang-announce	x_refsource_MISC
https://github.com/golang/go/issues/52313	x_refsource_MISC
https://groups.google.com/g/golang-announce/c/Y5q…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://security.netapp.com/advisory/ntap-2022072…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:06.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/golang/go/issues/52313"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
          },
          {
            "name": "FEDORA-2022-fae3ecee19",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
          },
          {
            "name": "FEDORA-2022-ffe7dba2cb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/"
          },
          {
            "name": "FEDORA-2022-ba365d3703",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220729-0001/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          },
          {
            "name": "FEDORA-2022-30c5ed5625",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-17T03:08:35.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/golang/go/issues/52313"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
        },
        {
          "name": "FEDORA-2022-fae3ecee19",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
        },
        {
          "name": "FEDORA-2022-ffe7dba2cb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/"
        },
        {
          "name": "FEDORA-2022-ba365d3703",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220729-0001/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        },
        {
          "name": "FEDORA-2022-30c5ed5625",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29526",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/golang-announce",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce"
            },
            {
              "name": "https://github.com/golang/go/issues/52313",
              "refsource": "MISC",
              "url": "https://github.com/golang/go/issues/52313"
            },
            {
              "name": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
            },
            {
              "name": "FEDORA-2022-fae3ecee19",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
            },
            {
              "name": "FEDORA-2022-ffe7dba2cb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/"
            },
            {
              "name": "FEDORA-2022-ba365d3703",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220729-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220729-0001/"
            },
            {
              "name": "GLSA-202208-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-02"
            },
            {
              "name": "FEDORA-2022-30c5ed5625",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29526",
    "datePublished": "2022-06-22T13:15:32.000Z",
    "dateReserved": "2022-04-20T00:00:00.000Z",
    "dateUpdated": "2024-08-03T06:26:06.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23773 (GCVE-0-2022-23773)

Vulnerability from cvelistv5 – Published: 2022-02-11 00:16 – Updated: 2024-08-03 03:51

Summary

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
https://groups.google.com/g/golang-announce/c/SUs…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2022022…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-04T15:12:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-23773",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220225-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
            },
            {
              "name": "GLSA-202208-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-23773",
    "datePublished": "2022-02-11T00:16:08.000Z",
    "dateReserved": "2022-01-20T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:51:45.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28327 (GCVE-0-2022-28327)

Vulnerability from cvelistv5 – Published: 2022-04-20 00:00 – Updated: 2024-08-03 05:48

Summary

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

12 references

URL	Tags
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/oec…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.gentoo.org/glsa/202208-02	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2022091…
https://cert-portal.siemens.com/productcert/pdf/s…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:38.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
          },
          {
            "name": "FEDORA-2022-a49babed75",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/"
          },
          {
            "name": "FEDORA-2022-53f0c619c5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/"
          },
          {
            "name": "FEDORA-2022-c0f780ecf1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/"
          },
          {
            "name": "FEDORA-2022-e46e6e8317",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/"
          },
          {
            "name": "FEDORA-2022-fae3ecee19",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
          },
          {
            "name": "FEDORA-2022-ba365d3703",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          },
          {
            "name": "FEDORA-2022-30c5ed5625",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220915-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        },
        {
          "name": "FEDORA-2022-a49babed75",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/"
        },
        {
          "name": "FEDORA-2022-53f0c619c5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/"
        },
        {
          "name": "FEDORA-2022-c0f780ecf1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/"
        },
        {
          "name": "FEDORA-2022-e46e6e8317",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/"
        },
        {
          "name": "FEDORA-2022-fae3ecee19",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
        },
        {
          "name": "FEDORA-2022-ba365d3703",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        },
        {
          "name": "FEDORA-2022-30c5ed5625",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220915-0010/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28327",
    "datePublished": "2022-04-20T00:00:00.000Z",
    "dateReserved": "2022-04-01T00:00:00.000Z",
    "dateUpdated": "2024-08-03T05:48:38.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24921 (GCVE-0-2022-24921)

Vulnerability from cvelistv5 – Published: 2022-03-05 00:00 – Updated: 2024-08-03 04:29

Summary

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://groups.google.com/g/golang-announce/c/RP1…
https://security.netapp.com/advisory/ntap-2022032…
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://security.gentoo.org/glsa/202208-02	vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/s…
https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:29:01.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220325-0010/"
          },
          {
            "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
          },
          {
            "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
          },
          {
            "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-19T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220325-0010/"
        },
        {
          "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
        },
        {
          "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
        },
        {
          "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24921",
    "datePublished": "2022-03-05T00:00:00.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T04:29:01.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24675 (GCVE-0-2022-24675)

Vulnerability from cvelistv5 – Published: 2022-04-20 00:00 – Updated: 2024-08-03 04:20

Summary

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

11 references

URL	Tags
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/oec…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.gentoo.org/glsa/202208-02	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2022091…
https://cert-portal.siemens.com/productcert/pdf/s…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:49.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
          },
          {
            "name": "FEDORA-2022-a49babed75",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/"
          },
          {
            "name": "FEDORA-2022-c0f780ecf1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/"
          },
          {
            "name": "FEDORA-2022-e46e6e8317",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/"
          },
          {
            "name": "FEDORA-2022-fae3ecee19",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
          },
          {
            "name": "FEDORA-2022-ba365d3703",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          },
          {
            "name": "FEDORA-2022-30c5ed5625",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220915-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
        },
        {
          "name": "FEDORA-2022-a49babed75",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/"
        },
        {
          "name": "FEDORA-2022-c0f780ecf1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/"
        },
        {
          "name": "FEDORA-2022-e46e6e8317",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/"
        },
        {
          "name": "FEDORA-2022-fae3ecee19",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
        },
        {
          "name": "FEDORA-2022-ba365d3703",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        },
        {
          "name": "FEDORA-2022-30c5ed5625",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220915-0010/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24675",
    "datePublished": "2022-04-20T00:00:00.000Z",
    "dateReserved": "2022-02-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T04:20:49.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-23806 (GCVE-0-2022-23806)

Vulnerability from cvelistv5 – Published: 2022-02-11 00:00 – Updated: 2024-08-03 03:51

Summary

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://www.oracle.com/security-alerts/cpujul2022.html
https://groups.google.com/g/golang-announce/c/SUs…
https://security.netapp.com/advisory/ntap-2022022…
https://security.gentoo.org/glsa/202208-02	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
          },
          {
            "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          },
          {
            "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-19T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2985-1] golang-1.7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html"
        },
        {
          "name": "[debian-lts-announce] 20220428 [SECURITY] [DLA 2986-1] golang-1.8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220225-0006/"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        },
        {
          "name": "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-23806",
    "datePublished": "2022-02-11T00:00:00.000Z",
    "dateReserved": "2022-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T03:51:45.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2022_5729

CVE-2022-29526 (GCVE-0-2022-29526)

CVE-2022-23773 (GCVE-0-2022-23773)

CVE-2022-28327 (GCVE-0-2022-28327)

CVE-2022-24921 (GCVE-0-2022-24921)

CVE-2022-24675 (GCVE-0-2022-24675)

CVE-2022-23806 (GCVE-0-2022-23806)

Tags

Sightings

Nomenclature