csaf_certbund - wid-sec-w-2024-3728

wid-sec-w-2024-3728

Vulnerability from csaf_certbund

Published

2024-12-18 23:00

Modified

2025-06-24 22:00

Summary

Golang Go (x/net/html): Schwachstelle ermöglicht Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Go ist eine quelloffene Programmiersprache.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Golang Go im "x/net/html" Paket ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - MacOS X - Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Go ist eine quelloffene Programmiersprache.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Golang Go im \"x/net/html\" Paket ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3728 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3728.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3728 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3728"
      },
      {
        "category": "external",
        "summary": "Go issue 70906 vom 2024-12-18",
        "url": "https://go.dev/issue/70906"
      },
      {
        "category": "external",
        "summary": "GitHub Database",
        "url": "https://github.com/advisories/GHSA-w32m-9786-jp63"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14603-1 vom 2024-12-20",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GN5BTYONDVDULOG3YURKUJNL2YZ2LDHU/"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-0620FDEBB6 vom 2025-01-05",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-0620fdebb6"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0048 vom 2025-01-07",
        "url": "https://access.redhat.com/errata/RHSA-2025:0048"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7197-1 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7197-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0224 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0224"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14639-1 vom 2025-01-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UHS4NHWGXZ2TKRE7FZUZI5JIQDOZ4E4E/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0115 vom 2025-01-14",
        "url": "https://access.redhat.com/errata/RHSA-2025:0115"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14634-1 vom 2025-01-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VCY3UOSZNLMH6IOLEYWFNO3UOF3DLF3P/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0121 vom 2025-01-15",
        "url": "https://access.redhat.com/errata/RHSA-2025:0121"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0140 vom 2025-01-15",
        "url": "https://access.redhat.com/errata/RHSA-2025:0140"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0385 vom 2025-01-16",
        "url": "https://access.redhat.com/errata/RHSA-2025:0385"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0384 vom 2025-01-16",
        "url": "https://access.redhat.com/errata/RHSA-2025:0384"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0386 vom 2025-01-16",
        "url": "https://access.redhat.com/errata/RHSA-2025:0386"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0560 vom 2025-01-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:0560"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0364 vom 2025-01-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:0364"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0552 vom 2025-01-21",
        "url": "https://access.redhat.com/errata/RHSA-2025:0552"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0576 vom 2025-01-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:0576"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0577 vom 2025-01-22",
        "url": "https://access.redhat.com/errata/RHSA-2025:0577"
      },
      {
        "category": "external",
        "summary": "Zabbix Security Advisory ZBX-25916 vom 2025-01-22",
        "url": "https://support.zabbix.com/browse/ZBX-25916"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14666-1 vom 2025-01-22",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VI6PLACYTL73MKICQUXPS2F2JPQOB565/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0679 vom 2025-01-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:0679"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0678 vom 2025-01-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:0678"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-93D6242840 vom 2025-01-26",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-93d6242840"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-CD51E0177B vom 2025-01-26",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-cd51e0177b"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0653 vom 2025-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2025:0653"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0654 vom 2025-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2025:0654"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0778 vom 2025-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2025:0778"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0785 vom 2025-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2025:0785"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0650 vom 2025-01-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:0650"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0649 vom 2025-01-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:0649"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0775 vom 2025-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2025:0775"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0783 vom 2025-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2025:0783"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0646 vom 2025-01-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:0646"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0821 vom 2025-01-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:0821"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0645 vom 2025-01-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:0645"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14721-1 vom 2025-02-01",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5YFLTCQGRUOCTVDQZEWUHS7QKU3FNK4S/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0892 vom 2025-02-03",
        "url": "https://access.redhat.com/errata/RHSA-2025:0892"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0907 vom 2025-02-03",
        "url": "https://access.redhat.com/errata/RHSA-2025:0907"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14725-1 vom 2025-02-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/TQKDFR4QSFMEP533OXGQTCJ6QXWSSDKD/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1013 vom 2025-02-04",
        "url": "https://access.redhat.com/errata/RHSA-2025:1013"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2025-2749 vom 2025-02-04",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2749.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14725-1 vom 2025-02-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TQKDFR4QSFMEP533OXGQTCJ6QXWSSDKD/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1050 vom 2025-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:1050"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1051 vom 2025-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:1051"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1053 vom 2025-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:1053"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0875 vom 2025-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:0875"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0827 vom 2025-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:0827"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0832 vom 2025-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:0832"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0831 vom 2025-02-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:0831"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1119 vom 2025-02-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:1119"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1128 vom 2025-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2025:1128"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1334 vom 2025-02-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:1334"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1123 vom 2025-02-12",
        "url": "https://access.redhat.com/errata/RHSA-2025:1123"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1120 vom 2025-02-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:1120"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1116 vom 2025-02-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:1116"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1115 vom 2025-02-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:1115"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1450 vom 2025-02-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:1450"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1386 vom 2025-02-19",
        "url": "https://access.redhat.com/errata/RHSA-2025:1386"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0602-1 vom 2025-02-21",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EYS6XJJZTICQN34VXVLGODHFCRCYXES4/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1824 vom 2025-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:1824"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:6122 vom 2025-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2024:6122"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1829 vom 2025-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:1829"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1841 vom 2025-02-26",
        "url": "https://access.redhat.com/errata/RHSA-2025:1841"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1838 vom 2025-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2025:1838"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1865 vom 2025-02-26",
        "url": "https://access.redhat.com/errata/RHSA-2025:1865"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1866 vom 2025-02-26",
        "url": "https://access.redhat.com/errata/RHSA-2025:1866"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1710 vom 2025-02-27",
        "url": "https://access.redhat.com/errata/RHSA-2025:1710"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:1711 vom 2025-02-27",
        "url": "https://access.redhat.com/errata/RHSA-2025:1711"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7184453 vom 2025-02-28",
        "url": "https://www.ibm.com/support/pages/node/7184453"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2415 vom 2025-03-06",
        "url": "https://access.redhat.com/errata/RHSA-2025:2415"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASECS-2025-049 vom 2025-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALASECS-2025-049.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2025-2779 vom 2025-03-07",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2779.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2449 vom 2025-03-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:2449"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2658 vom 2025-03-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:2658"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2440 vom 2025-03-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:2440"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2441 vom 2025-03-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:2441"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2710 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:2710"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2700 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:2700"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2701 vom 2025-03-20",
        "url": "https://access.redhat.com/errata/RHSA-2025:2701"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3131 vom 2025-03-26",
        "url": "https://access.redhat.com/errata/RHSA-2025:3131"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3132 vom 2025-03-26",
        "url": "https://access.redhat.com/errata/RHSA-2025:3132"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7229443 vom 2025-03-28",
        "url": "https://www.ibm.com/support/pages/node/7229443"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3500 vom 2025-04-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:3500"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3502 vom 2025-04-01",
        "url": "https://access.redhat.com/errata/RHSA-2025:3502"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3560 vom 2025-04-03",
        "url": "https://access.redhat.com/errata/RHSA-2025:3560"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3542 vom 2025-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2025:3542"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7230494 vom 2025-04-09",
        "url": "https://www.ibm.com/support/pages/node/7230494"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:3573 vom 2025-04-10",
        "url": "https://access.redhat.com/errata/RHSA-2025:3573"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:4007 vom 2025-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:4007"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2025-0604 vom 2025-06-02",
        "url": "https://advisory.splunk.com/advisories/SVD-2025-0604"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2025-0603 vom 2025-06-02",
        "url": "https://advisory.splunk.com//advisories/SVD-2025-0603"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:8479 vom 2025-06-04",
        "url": "https://access.redhat.com/errata/RHSA-2025:8479"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:8280 vom 2025-06-04",
        "url": "https://access.redhat.com/errata/RHSA-2025:8280"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:8301 vom 2025-06-04",
        "url": "https://access.redhat.com/errata/RHSA-2025:8301"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20278-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021044.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:20196-1 vom 2025-06-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021144.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:8510 vom 2025-06-04",
        "url": "https://access.redhat.com/errata/RHSA-2025:8510"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7235808 vom 2025-06-06",
        "url": "https://www.ibm.com/support/pages/node/7235808"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:8556 vom 2025-06-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:8556"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:9340 vom 2025-06-23",
        "url": "https://access.redhat.com/errata/RHSA-2025:9340"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7237702 vom 2025-06-24",
        "url": "https://www.ibm.com/support/pages/node/7237702"
      }
    ],
    "source_lang": "en-US",
    "title": "Golang Go (x/net/html): Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2025-06-24T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-25T06:04:20.125+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-3728",
      "initial_release_date": "2024-12-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-12-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-12-22T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-01-05T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-01-07T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-09T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
        },
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von openSUSE und Red Hat aufgenommen"
        },
        {
          "date": "2025-01-14T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-16T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-21T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat und Zabbix aufgenommen"
        },
        {
          "date": "2025-01-22T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-01-23T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-26T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-01-27T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-28T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-29T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-02T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-02-03T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-04T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von openSUSE, Red Hat und Amazon aufgenommen"
        },
        {
          "date": "2025-02-05T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-10T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-11T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-12T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-18T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-19T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-20T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-02-24T23:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-25T23:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-26T23:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-02-27T23:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-03-05T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-06T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-03-09T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-03-10T23:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-11T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-12T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-13T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-19T23:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-26T23:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-03-30T22:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-04-01T22:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-04-02T22:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-04-09T22:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-04-10T22:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-04-22T22:00:00.000+00:00",
          "number": "44",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-02T22:00:00.000+00:00",
          "number": "45",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2025-06-03T22:00:00.000+00:00",
          "number": "46",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-04T22:00:00.000+00:00",
          "number": "47",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-05T22:00:00.000+00:00",
          "number": "48",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-06-12T22:00:00.000+00:00",
          "number": "49",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-22T22:00:00.000+00:00",
          "number": "50",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-06-23T22:00:00.000+00:00",
          "number": "51",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-06-24T22:00:00.000+00:00",
          "number": "52",
          "summary": "Doppelte Eintragung bereinigt"
        }
      ],
      "status": "final",
      "version": "52"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "x/net/html \u003c0.33.0",
                "product": {
                  "name": "Golang Go x/net/html \u003c0.33.0",
                  "product_id": "T039942"
                }
              },
              {
                "category": "product_version",
                "name": "x/net/html 0.33.0",
                "product": {
                  "name": "Golang Go x/net/html 0.33.0",
                  "product_id": "T039942-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:golang:go:xnethtml__0.33.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Go"
          }
        ],
        "category": "vendor",
        "name": "Golang"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM App Connect Enterprise",
                "product": {
                  "name": "IBM App Connect Enterprise",
                  "product_id": "T032495",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Operator \u003c12.12.0",
                "product": {
                  "name": "IBM App Connect Enterprise Container Operator \u003c12.12.0",
                  "product_id": "T044415"
                }
              },
              {
                "category": "product_version",
                "name": "Container Operator 12.12.0",
                "product": {
                  "name": "IBM App Connect Enterprise Container Operator 12.12.0",
                  "product_id": "T044415-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:container_operator__12.12.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c13.0.3.1-r1",
                "product": {
                  "name": "IBM App Connect Enterprise \u003c13.0.3.1-r1",
                  "product_id": "T044417"
                }
              },
              {
                "category": "product_version",
                "name": "13.0.3.1-r1",
                "product": {
                  "name": "IBM App Connect Enterprise 13.0.3.1-r1",
                  "product_id": "T044417-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.3.1-r1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "on Cloud Pak for Data",
                "product": {
                  "name": "IBM DB2 on Cloud Pak for Data",
                  "product_id": "T042208",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:on_cloud_pak_for_data"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Operator v3.5.0",
                "product": {
                  "name": "IBM MQ Operator v3.5.0",
                  "product_id": "T041481",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:operator_v3.5.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Operator v3.2.9",
                "product": {
                  "name": "IBM MQ Operator v3.2.9",
                  "product_id": "T041482",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:operator_v3.2.9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Container 9.4.2.0-r1",
                "product": {
                  "name": "IBM MQ Container 9.4.2.0-r1",
                  "product_id": "T041483",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:container_9.4.2.0-r1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.17.1",
                "product": {
                  "name": "IBM Spectrum Protect Plus \u003c10.1.17.1",
                  "product_id": "T044782"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.17.1",
                "product": {
                  "name": "IBM Spectrum Protect Plus 10.1.17.1",
                  "product_id": "T044782-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.17.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spectrum Protect Plus"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.2.2.1",
                "product": {
                  "name": "IBM Storage Scale \u003c5.2.2.1",
                  "product_id": "T041756"
                }
              },
              {
                "category": "product_version",
                "name": "5.2.2.1",
                "product": {
                  "name": "IBM Storage Scale 5.2.2.1",
                  "product_id": "T041756-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:5.2.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.1.9.9",
                "product": {
                  "name": "IBM Storage Scale \u003c5.1.9.9",
                  "product_id": "T042689"
                }
              },
              {
                "category": "product_version",
                "name": "5.1.9.9",
                "product": {
                  "name": "IBM Storage Scale 5.1.9.9",
                  "product_id": "T042689-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:spectrum_scale:5.1.9.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Storage Scale"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Advanced Cluster Security for Kubernetes 4",
                "product": {
                  "name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
                  "product_id": "T027916",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Red Hat Enterprise Linux 8",
                  "product_id": "T040598",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Migration Toolkit 1",
                "product": {
                  "name": "Red Hat Enterprise Linux Migration Toolkit 1",
                  "product_id": "T044336",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:migration_toolkit_1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Data Foundation 4",
                "product": {
                  "name": "Red Hat OpenShift Data Foundation 4",
                  "product_id": "T028133",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:data_foundation_4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.16.30",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.16.30",
                  "product_id": "T040212"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.16.30",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.16.30",
                  "product_id": "T040212-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.16.30"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.15.43",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.15.43",
                  "product_id": "T040214"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.15.43",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.15.43",
                  "product_id": "T040214-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.43"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.17.14",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.17.14",
                  "product_id": "T040638"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.17.14",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.17.14",
                  "product_id": "T040638-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.17.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.17.15",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.17.15",
                  "product_id": "T040819"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.17.15",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.17.15",
                  "product_id": "T040819-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.17.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.16.33",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.16.33",
                  "product_id": "T040821"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.16.33",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.16.33",
                  "product_id": "T040821-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.16.33"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.12.72",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.12.72",
                  "product_id": "T040822"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.12.72",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12.72",
                  "product_id": "T040822-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.72"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.17.16",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.17.16",
                  "product_id": "T041007"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.17.16",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.17.16",
                  "product_id": "T041007-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.17.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.16.34",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.16.34",
                  "product_id": "T041111"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.16.34",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.16.34",
                  "product_id": "T041111-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.16.34"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.15.45",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.15.45",
                  "product_id": "T041112"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.15.45",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.15.45",
                  "product_id": "T041112-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.45"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.14.48",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.14.48",
                  "product_id": "T041269"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.14.48",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.14.48",
                  "product_id": "T041269-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.48"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.16.35",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.16.35",
                  "product_id": "T041335"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.16.35",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.16.35",
                  "product_id": "T041335-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.16.35"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Virtualization \u003c4.18.0",
                "product": {
                  "name": "Red Hat OpenShift Virtualization \u003c4.18.0",
                  "product_id": "T041398"
                }
              },
              {
                "category": "product_version",
                "name": "Virtualization 4.18.0",
                "product": {
                  "name": "Red Hat OpenShift Virtualization 4.18.0",
                  "product_id": "T041398-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:virtualization__4.18.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.15.46",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.15.46",
                  "product_id": "T041462"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.15.46",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.15.46",
                  "product_id": "T041462-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.46"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Virtualization \u003c4.15.9",
                "product": {
                  "name": "Red Hat OpenShift Virtualization \u003c4.15.9",
                  "product_id": "T041748"
                }
              },
              {
                "category": "product_version",
                "name": "Virtualization 4.15.9",
                "product": {
                  "name": "Red Hat OpenShift Virtualization 4.15.9",
                  "product_id": "T041748-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:virtualization__4.15.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.12.74",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.12.74",
                  "product_id": "T041814"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.12.74",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12.74",
                  "product_id": "T041814-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.74"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.13.56",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.13.56",
                  "product_id": "T042009"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.13.56",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.13.56",
                  "product_id": "T042009-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.13.56"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.14.49",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.14.49",
                  "product_id": "T042010"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.14.49",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.14.49",
                  "product_id": "T042010-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.14.49"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.12.75",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.12.75",
                  "product_id": "T042745"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.12.75",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12.75",
                  "product_id": "T042745-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.75"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.16.39",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.16.39",
                  "product_id": "T043078"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.16.39",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.16.39",
                  "product_id": "T043078-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.16.39"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.15.52",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.15.52",
                  "product_id": "T044317"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.15.52",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.15.52",
                  "product_id": "T044317-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.15.52"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.17.32",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.17.32",
                  "product_id": "T044318"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.17.32",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.17.32",
                  "product_id": "T044318-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.17.32"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.16.42",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.16.42",
                  "product_id": "T044606"
                }
              },
              {
                "category": "product_version",
                "name": "Container Platform 4.16.42",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.16.42",
                  "product_id": "T044606-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.16.42"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.4.2",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.4.2",
                  "product_id": "T044257"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.2",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.4.2",
                  "product_id": "T044257-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.4.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.3.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.3.4",
                  "product_id": "T044258"
                }
              },
              {
                "category": "product_version",
                "name": "9.3.4",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.3.4",
                  "product_id": "T044258-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.3.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.6",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.6",
                  "product_id": "T044259"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.6",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.2.6",
                  "product_id": "T044259-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.2.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.9",
                  "product_id": "T044260"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.9",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.1.9",
                  "product_id": "T044260-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "agent2",
                "product": {
                  "name": "Zabbix Zabbix agent2",
                  "product_id": "T040498",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:zabbix:zabbix:agent2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Zabbix"
          }
        ],
        "category": "vendor",
        "name": "Zabbix"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45338",
      "product_status": {
        "known_affected": [
          "67646",
          "T041814",
          "T040822",
          "T042208",
          "T044606",
          "T041462",
          "T044258",
          "T041483",
          "T044257",
          "T041482",
          "T027916",
          "T041481",
          "T044336",
          "T044259",
          "T044317",
          "T044415",
          "T044318",
          "T044417",
          "T041007",
          "398363",
          "T040214",
          "T040598",
          "T041269",
          "T040212",
          "T040498",
          "T042010",
          "T028133",
          "T040638",
          "T041748",
          "T039942",
          "74185",
          "T032495",
          "T040819",
          "T002207",
          "T042689",
          "T000126",
          "T042745",
          "T042009",
          "T027843",
          "T040821",
          "T041756",
          "T044260",
          "T041335",
          "T044782",
          "T041112",
          "T041398",
          "T043078",
          "T041111"
        ]
      },
      "release_date": "2024-12-18T23:00:00.000+00:00",
      "title": "CVE-2024-45338"
    }
  ]
}

CVE-2024-45338 (GCVE-0-2024-45338)

Vulnerability from cvelistv5

Published

2024-12-18 20:38

Modified

2025-02-21 18:03

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-405: Asymmetric Resource Consumption (Amplification)

Summary

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

References

▼	URL	Tags
	https://go.dev/cl/637536
	https://go.dev/issue/70906
	https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
	https://pkg.go.dev/vuln/GO-2024-3333

Impacted products

	Vendor	Product	Version
	golang.org/x/net	golang.org/x/net/html	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T19:51:42.228627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "CWE-1333 Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T19:55:04.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-21T18:03:32.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250221-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parseDoctype"
            },
            {
              "name": "htmlIntegrationPoint"
            },
            {
              "name": "inTableIM"
            },
            {
              "name": "inBodyIM"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.33.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T20:38:22.660Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/637536"
        },
        {
          "url": "https://go.dev/issue/70906"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3333"
        }
      ],
      "title": "Non-linear parsing of case-insensitive content in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-45338",
    "datePublished": "2024-12-18T20:38:22.660Z",
    "dateReserved": "2024-08-27T19:41:58.555Z",
    "dateUpdated": "2025-02-21T18:03:32.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted