{ "threat_severity" : "Moderate", "public_date" : "2022-07-12T00:00:00Z", "bugzilla" : { "description" : "golang: encoding/gob: stack exhaustion in Decoder.Decode", "id" : "2107388", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2107388" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1325", "details" : [ "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.", "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability." ], "statement" : "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.", "affected_release" : [ { "product_name" : "OADP-1.1-RHEL-8", "release_date" : "2022-11-28T00:00:00Z", "advisory" : "RHSA-2022:8634", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1.1::el8", "package" : "oadp/oadp-velero-rhel8:1.1.1-20" }, { "product_name" : "OpenShift Custom Metrics Autoscaler 2", "release_date" : "2023-03-06T00:00:00Z", "advisory" : "RHSA-2023:1042", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package" : "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8:2.8.2-143", "impact" : "low" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/client-kn-rhel8:1.3.1-4" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/ingress-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/knative-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/kourier-control-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serverless-operator-bundle:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serverless-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-activator-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-controller-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-queue-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-webhook-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serverless 1 on RHEL 8", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6042", "cpe" : "cpe:/a:redhat:serverless:1.0::el8", "package" : "openshift-serverless-clients-0:1.3.1-4.el8" }, { "product_name" : "OSSO-1.1-RHEL-8", "release_date" : "2022-09-01T00:00:00Z", "advisory" : "RHSA-2022:6152", "cpe" : "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8", "package" : "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-11" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2023-06-15T00:00:00Z", "advisory" : "RHSA-2023:3642", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/rhceph-6-dashboard-rhel9:6-75" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2022-08-02T00:00:00Z", "advisory" : "RHSA-2022:5866", "cpe" : "cpe:/a:redhat:devtools:2022", "package" : "go-toolset-1.17-golang-0:1.17.12-1.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5775", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "go-toolset:rhel8-8060020220720230014.97d7f71f" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-10-25T00:00:00Z", "advisory" : "RHSA-2022:7129", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "git-lfs-0:2.13.3-3.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7519", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-0:7.5.15-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7648", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-pcp-0:3.2.0-2.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2758", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8080020230321153727.0f77c1b7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2802", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:4.0-8080020230217080101.8108cfbc" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5799", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "golang-0:1.17.12-1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8057", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-0:7.5.15-3.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8250", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-pcp-0:3.2.0-3.el9" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2357", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "git-lfs-0:3.2.0-1.el9" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2022-12-15T00:00:00Z", "advisory" : "RHSA-2022:9047", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-velero-plugin-rhel8:v1.7.6-5" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/istio-cni-rhel8:2.2.2-7" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/istio-rhel8-operator:2.2.2-8" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/pilot-rhel8:2.2.2-7" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/prometheus-rhel8:2.2.2-4" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/proxyv2-rhel8:2.2.2-8" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/ratelimit-rhel8:2.2.2-4" }, { "product_name" : "Red Hat OpenStack Platform 16.1", "release_date" : "2023-03-15T00:00:00Z", "advisory" : "RHSA-2023:1275", "cpe" : "cpe:/a:redhat:openstack:16.1::el8", "package" : "etcd-0:3.3.23-12.el8ost" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2023-03-15T00:00:00Z", "advisory" : "RHSA-2023:1275", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "etcd-0:3.3.23-12.el8ost" }, { "product_name" : "RHEL-7-CNV-4.12", "release_date" : "2023-01-24T00:00:00Z", "advisory" : "RHSA-2023:0407", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el7", "package" : "kubevirt-0:4.12.0-1057.el7" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-24T00:00:00Z", "advisory" : "RHSA-2023:0407", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "kubevirt-0:4.12.0-1057.el8" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-api:v4.12.0-255" }, { "product_name" : "RHODF-4.13-RHEL-9", "release_date" : "2023-06-21T00:00:00Z", "advisory" : "RHSA-2023:3742", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.13::el9", "package" : "odf4/mcg-rhel9-operator:v4.13.0-41" } ], "package_state" : [ { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Affected", "package_name" : "migration-toolkit-virtualization/mtv-controller-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/gatekeeper-rhel8-operator", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/subctl-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/volsync-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/work-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ceph Storage 3", "fix_state" : "Out of support scope", "package_name" : "golang", "cpe" : "cpe:/a:redhat:ceph_storage:3" }, { "product_name" : "Red Hat Ceph Storage 5", "fix_state" : "Affected", "package_name" : "rhceph/rhceph-5-dashboard-rhel8", "cpe" : "cpe:/a:redhat:ceph_storage:5" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "container-tools:3.0/containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "go-toolset", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "mcg", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift distributed tracing 2", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:2" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/gitops-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-kam", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "rhosp-rhel8-tech-preview/osp-director-operator", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/clair-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-git227-git-lfs", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Will not fix", "package_name" : "golang", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Will not fix", "package_name" : "go-toolset-7-golang", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Out of support scope", "package_name" : "heketi", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "web-terminal-exec-container", "cpe" : "cpe:/a:redhat:webterminal:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-30635\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-30635\nhttps://go.dev/issue/53615\nhttps://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" ], "name" : "CVE-2022-30635", "csaw" : false }