rhsa-2024_7213
Vulnerability from csaf_redhat
Published
2024-09-26 13:26
Modified
2024-11-06 13:53
Summary
Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.4 LTS

Notes

Topic
Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9.
Details
Users of service-interconnect 1.4 LTS rhel9 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory the in Red Hat Container Catalog
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Users of service-interconnect 1.4 LTS rhel9 container images are advised\nto upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. \nUsers of these images are also encouraged to rebuild all container images that depend on these images.\nYou can find images updated by this advisory the in Red Hat Container Catalog",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:7213",
        "url": "https://access.redhat.com/errata/RHSA-2024:7213"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "2270498",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498"
      },
      {
        "category": "external",
        "summary": "2279632",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632"
      },
      {
        "category": "external",
        "summary": "2294676",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676"
      },
      {
        "category": "external",
        "summary": "2294677",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677"
      },
      {
        "category": "external",
        "summary": "2297771",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
      },
      {
        "category": "external",
        "summary": "2302255",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7213.json"
      }
    ],
    "title": "Red Hat Security Advisory: Updated service-interconnect rhel9 container images for 1.4 LTS",
    "tracking": {
      "current_release_date": "2024-11-06T13:53:19+00:00",
      "generator": {
        "date": "2024-11-06T13:53:19+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2024:7213",
      "initial_release_date": "2024-09-26T13:26:32+00:00",
      "revision_history": [
        {
          "date": "2024-09-26T13:26:32+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-09-26T13:26:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-06T13:53:19+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "9Base-Service-Interconnect-1.4",
                "product": {
                  "name": "9Base-Service-Interconnect-1.4",
                  "product_id": "9Base-Service-Interconnect-1.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Service Interconnect"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
                "product": {
                  "name": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
                  "product_id": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-config-sync-rhel9\u0026tag=1.4.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
                "product": {
                  "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
                  "product_id": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9\u0026tag=1.4.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
                "product": {
                  "name": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
                  "product_id": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-operator-bundle\u0026tag=1.4.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
                "product": {
                  "name": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
                  "product_id": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-router-rhel9\u0026tag=2.4.3-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
                "product": {
                  "name": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
                  "product_id": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-service-controller-rhel9\u0026tag=1.4.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64",
                "product": {
                  "name": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64",
                  "product_id": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90?arch=amd64\u0026repository_url=registry.redhat.io/service-interconnect/skupper-site-controller-rhel9\u0026tag=1.4.7-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64"
        },
        "product_reference": "service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64"
        },
        "product_reference": "service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64"
        },
        "product_reference": "service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64"
        },
        "product_reference": "service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64"
        },
        "product_reference": "service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64 as a component of 9Base-Service-Interconnect-1.4",
          "product_id": "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        },
        "product_reference": "service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64",
        "relates_to_product_reference": "9Base-Service-Interconnect-1.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-2398",
      "cwe": {
        "id": "CWE-772",
        "name": "Missing Release of Resource after Effective Lifetime"
      },
      "discovery_date": "2024-03-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2270498"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "curl: HTTP/2 push headers memory-leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "RHBZ#2270498",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-2398",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398"
        },
        {
          "category": "external",
          "summary": "https://curl.se/docs/CVE-2024-2398.html",
          "url": "https://curl.se/docs/CVE-2024-2398.html"
        }
      ],
      "release_date": "2024-03-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "curl: HTTP/2 push headers memory-leak"
    },
    {
      "cve": "CVE-2024-6119",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "discovery_date": "2024-08-20T17:50:04+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2306158"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssl: Possible denial of service in X.509 name checks",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as moderate severity rather than important because it primarily affects specific use cases involving certificate name checks against otherName subject alternative names, a scenario that is not commonly encountered. The issue only triggers a denial of service (DoS) by causing an abnormal application termination, without compromising the integrity, confidentiality, or availability of data at a broader scale. Additionally, TLS servers, which typically don\u0027t perform reference identity checks during client certificate validation, are largely unaffected. The impact is localized to certain TLS clients performing specific name comparisons, reducing the overall risk profile and justifying the moderate severity classification.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-6119"
        },
        {
          "category": "external",
          "summary": "RHBZ#2306158",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2306158"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6119",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6119",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6119"
        },
        {
          "category": "external",
          "summary": "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj",
          "url": "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj"
        }
      ],
      "release_date": "2024-09-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssl: Possible denial of service in X.509 name checks"
    },
    {
      "cve": "CVE-2024-6345",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2297771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-6345"
        },
        {
          "category": "external",
          "summary": "RHBZ#2297771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345"
        },
        {
          "category": "external",
          "summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",
          "url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
        },
        {
          "category": "external",
          "summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",
          "url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
        }
      ],
      "release_date": "2024-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
    },
    {
      "cve": "CVE-2024-6923",
      "discovery_date": "2024-08-01T14:30:06+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2302255"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the email module that uses Python language. The email module doesn\u0027t properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: python: email module doesn\u0027t properly quotes newlines in email headers, allowing header injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-6923"
        },
        {
          "category": "external",
          "summary": "RHBZ#2302255",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302255"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6923",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6923"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/121650",
          "url": "https://github.com/python/cpython/issues/121650"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/122233",
          "url": "https://github.com/python/cpython/pull/122233"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/"
        }
      ],
      "release_date": "2024-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: python: email module doesn\u0027t properly quotes newlines in email headers, allowing header injection"
    },
    {
      "cve": "CVE-2024-34397",
      "cwe": {
        "id": "CWE-940",
        "name": "Improper Verification of Source of a Communication Channel"
      },
      "discovery_date": "2024-05-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2279632"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "glib2: Signal subscription vulnerabilities",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-34397"
        },
        {
          "category": "external",
          "summary": "RHBZ#2279632",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279632"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34397",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34397"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268",
          "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3268"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2024/05/07/5",
          "url": "https://www.openwall.com/lists/oss-security/2024/05/07/5"
        }
      ],
      "release_date": "2024-05-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "glib2: Signal subscription vulnerabilities"
    },
    {
      "cve": "CVE-2024-37370",
      "discovery_date": "2024-06-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2294677"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "krb5: GSS message token handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability has an ability to disrupt authentication process and attackers able to alter the token data durning the transmission which leads to disruption in service and an attacker can void the integrity by altering the token durning the transmission for authentication process. This has been rated as moderate by Redhat as the vulnerability cannot be exploited in a way that it leads to a loss of availability or integrity,when in transmission token count field can be changed making the token appear truncated.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-37370"
        },
        {
          "category": "external",
          "summary": "RHBZ#2294677",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37370"
        },
        {
          "category": "external",
          "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/",
          "url": "https://web.mit.edu/kerberos/www/krb5-1.21/"
        }
      ],
      "release_date": "2024-06-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "krb5: GSS message token handling"
    },
    {
      "cve": "CVE-2024-37371",
      "discovery_date": "2024-06-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2294676"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "krb5: GSS message token handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is classified as a moderate severity vulnerability because, while it allows an attacker to modify the plaintext \"Extra Count\" field of a GSS krb5 wrap token, the impact is primarily limited to token truncation at the application layer. This truncation can disrupt services but does not directly lead to a full compromise of confidentiality or integrity. The attack requires that the attacker already has access to a valid token transmission to modify, meaning it cannot be exploited remotely without first obtaining or intercepting a valid token.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-37371"
        },
        {
          "category": "external",
          "summary": "RHBZ#2294676",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-37371",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37371"
        },
        {
          "category": "external",
          "summary": "https://web.mit.edu/kerberos/www/krb5-1.21/",
          "url": "https://web.mit.edu/kerberos/www/krb5-1.21/"
        }
      ],
      "release_date": "2024-06-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "krb5: GSS message token handling"
    },
    {
      "cve": "CVE-2024-45490",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2024-08-30T03:20:06.675968+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2308615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libexpat\u0027s xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libexpat: Negative Length Parsing Vulnerability in libexpat",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The CVE-2024-45490 vulnerability is rated as moderate severity because while it allows for memory corruption through improper argument handling in XML_ParseBuffer, the exploitability is limited. Specifically, it requires an unlikely scenario where the input passed to the function has a negative length (len \u003c 0), which would typically not occur in well-formed applications. Moreover, while the impact includes denial of service (DoS), the conditions necessary for arbitrary code execution are non-trivial, requiring specific exploitation of memory corruption. Since it primarily leads to application crashes without an easily accessible attack vector for remote code execution, the risk is lower compared to higher-severity vulnerabilities that offer more direct pathways to exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45490"
        },
        {
          "category": "external",
          "summary": "RHBZ#2308615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45490",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes",
          "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/issues/887",
          "url": "https://github.com/libexpat/libexpat/issues/887"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/pull/890",
          "url": "https://github.com/libexpat/libexpat/pull/890"
        }
      ],
      "release_date": "2024-08-30T03:15:03.757000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libexpat: Negative Length Parsing Vulnerability in libexpat"
    },
    {
      "cve": "CVE-2024-45491",
      "discovery_date": "2024-08-30T03:20:09.474759+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2308616"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An issue was found in libexpat\u2019s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libexpat: Integer Overflow or Wraparound",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as Moderate severity rather than Important due to its reliance on specific conditions for exploitation. The integer overflow in dtdCopy affecting nDefaultAtts is limited to 32-bit platforms, reducing the attack surface as many modern systems operate on 64-bit architectures. Additionally, while the impact can lead to denial of service and potentially arbitrary code execution, the latter requires precise manipulation of the overflow condition, which may be non-trivial for attackers to achieve reliably. The constrained platform scope and the complexity of exploitation lower the overall severity, though it still poses a risk in environments where 32-bit systems are prevalent.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45491"
        },
        {
          "category": "external",
          "summary": "RHBZ#2308616",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308616"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes",
          "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/issues/888",
          "url": "https://github.com/libexpat/libexpat/issues/888"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/pull/891",
          "url": "https://github.com/libexpat/libexpat/pull/891"
        }
      ],
      "release_date": "2024-08-30T03:15:03.850000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libexpat: Integer Overflow or Wraparound"
    },
    {
      "cve": "CVE-2024-45492",
      "discovery_date": "2024-08-30T03:20:11.638476+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2308617"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libexpat\u0027s internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libexpat: integer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "CVE-2024-45492 is categorized as a Moderate severity issue rather than Important due to the specific conditions required for exploitation and the limited scope of impact. While an integer overflow in the nextScaffoldPart function on 32-bit platforms can potentially lead to denial of service (DoS) or, in rare cases, arbitrary code execution, the vulnerability is platform-specific, affecting only 32-bit architectures with particular handling of UINT_MAX and SIZE_MAX. Additionally, exploiting the overflow for arbitrary code execution would require precise manipulation of memory, making it a less likely attack vector. The primary risk of DoS, without guaranteed escalation to remote code execution, further justifies the moderate severity classification.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
          "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45492"
        },
        {
          "category": "external",
          "summary": "RHBZ#2308617",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308617"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes",
          "url": "https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/issues/889",
          "url": "https://github.com/libexpat/libexpat/issues/889"
        },
        {
          "category": "external",
          "summary": "https://github.com/libexpat/libexpat/pull/892",
          "url": "https://github.com/libexpat/libexpat/pull/892"
        }
      ],
      "release_date": "2024-08-30T03:15:03.930000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-26T13:26:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:7213"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-config-sync-rhel9@sha256:025f8c5b4ea63567a49b79945932e877f2279bc149c832283226a8488590ab37_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-flow-collector-rhel9@sha256:c338911564f18192114799711b16bc3015da0f53cbc9eb44418b6d1e78864bf9_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-operator-bundle@sha256:b6d7798d7fdfd40662f0d479efe7eb35414cbbd3643ea02cd05c71aeea020ffb_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-router-rhel9@sha256:0f7be97ca4fabb79ff77557429f0d08118eb5afc4e7322361493d322ae57cd08_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-service-controller-rhel9@sha256:2da6dba7b2c9a47d0eedd7915a470d1a4e435848962ba39c72b8ea0d2bc9c1d8_amd64",
            "9Base-Service-Interconnect-1.4:service-interconnect/skupper-site-controller-rhel9@sha256:04dd17efae41b6d7e07fd89b8eddca076dfea7cb4e603a83c5c4e27062ef4c90_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "libexpat: integer overflow"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.