{ "threat_severity" : "Important", "public_date" : "2024-03-20T00:00:00Z", "bugzilla" : { "description" : "golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads", "id" : "2262921", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2262921" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-401", "details" : [ "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them." ], "statement" : "The majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "acknowledgement" : "Red Hat would like to thank @qmuntal and @r3kumar for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1640", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package" : "receptor-0:1.4.5-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1640", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package" : "receptor-0:1.4.5-1.el9ap" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2024-03-21T00:00:00Z", "advisory" : "RHSA-2024:1468", "cpe" : "cpe:/a:redhat:devtools:2023::el7", "package" : "go-toolset-1.19-golang-0:1.19.13-6.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-03-21T00:00:00Z", "advisory" : "RHSA-2024:1472", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "go-toolset:rhel8-8090020240313170136.26eb71ac" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1644", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-pcp-0:5.1.1-2.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1646", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-0:9.2.10-8.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-05-22T00:00:00Z", "advisory" : "RHSA-2024:3265", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-0:9.2.10-16.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-08-13T00:00:00Z", "advisory" : "RHSA-2024:5258", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8100020240808093819.afee755d", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-09-26T00:00:00Z", "advisory" : "RHSA-2024:7262", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "osbuild-composer-0:101-2.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-03-21T00:00:00Z", "advisory" : "RHSA-2024:1462", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "golang-0:1.20.12-2.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-03-25T00:00:00Z", "advisory" : "RHSA-2024:1501", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-0:9.2.10-8.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-03-25T00:00:00Z", "advisory" : "RHSA-2024:1502", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-pcp-0:5.1.1-2.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2562", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "golang-0:1.21.9-2.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2568", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-0:9.2.10-16.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-04-30T00:00:00Z", "advisory" : "RHSA-2024:2569", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-pcp-0:5.1.1-2.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-08T00:00:00Z", "advisory" : "RHSA-2024:4371", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "buildah-2:1.33.7-3.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-08T00:00:00Z", "advisory" : "RHSA-2024:4378", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "podman-4:4.9.4-5.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-08T00:00:00Z", "advisory" : "RHSA-2024:4379", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "gvisor-tap-vsock-6:0.7.3-4.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-15T00:00:00Z", "advisory" : "RHSA-2024:4502", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "skopeo-2:1.14.3-3.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-23T00:00:00Z", "advisory" : "RHSA-2024:4761", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "containernetworking-plugins-1:1.4.0-4.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-07-23T00:00:00Z", "advisory" : "RHSA-2024:4762", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "runc-4:1.1.12-3.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:7118", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "osbuild-composer-0:132-1.el9" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2024-07-16T00:00:00Z", "advisory" : "RHSA-2024:4581", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "podman-2:4.2.0-4.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2024-07-22T00:00:00Z", "advisory" : "RHSA-2024:4672", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "containernetworking-plugins-1:1.0.1-6.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-06-27T00:00:00Z", "advisory" : "RHSA-2024:4146", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "golang-0:1.19.13-7.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-08-20T00:00:00Z", "advisory" : "RHSA-2024:5634", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "podman-2:4.4.1-20.el9_2" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "buildah-1:1.23.4-5.2.rhaos4.12.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "butane-0:0.16.0-2.2.rhaos4.12.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "containernetworking-plugins-1:1.4.0-1.1.rhaos4.12.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "cri-o-0:1.25.3-5.2.rhaos4.12.git44a2cb2.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "cri-tools-0:1.25.0-2.2.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "ignition-0:2.14.0-5.2.rhaos4.12.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "openshift-clients-0:4.12.0-202403251017.p0.gd4c9e3c.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "podman-3:4.2.0-7.2.rhaos4.12.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "runc-3:1.1.6-5.2.rhaos4.12.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1574", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "skopeo-2:1.9.4-3.2.rhaos4.12.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "buildah-1:1.29.1-2.2.rhaos4.13.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "containernetworking-plugins-1:1.4.0-1.1.rhaos4.13.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "cri-o-0:1.26.5-11.1.rhaos4.13.git919cc6e.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "cri-tools-0:1.26.0-4.1.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "ignition-0:2.15.0-7.1.rhaos4.13.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "openshift-clients-0:4.13.0-202404020737.p0.gd192e90.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "podman-3:4.4.1-5.2.rhaos4.13.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "runc-4:1.1.12-1.1.rhaos4.13.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-04-18T00:00:00Z", "advisory" : "RHSA-2024:1763", "cpe" : "cpe:/a:redhat:openshift:4.13::el8", "package" : "skopeo-2:1.11.2-2.2.rhaos4.13.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "butane-0:0.19.0-1.3.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "containernetworking-plugins-1:1.4.0-1.2.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "cri-o-0:1.27.4-6.1.rhaos4.14.gitd09e4c0.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "cri-tools-0:1.27.0-3.1.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "ignition-0:2.16.2-2.1.rhaos4.14.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift-clients-0:4.14.0-202403261640.p0.gf7b14a9.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "ose-aws-ecr-image-credential-provider-0:4.14.0-202403251040.p0.g607e2dd.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "podman-3:4.4.1-11.3.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1567", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "skopeo-2:1.11.2-10.3.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "buildah-1:1.29.1-10.4.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "butane-0:0.19.0-1.4.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "conmon-3:2.1.7-3.4.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "containernetworking-plugins-1:1.4.0-1.3.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "cri-o-0:1.27.4-7.2.rhaos4.14.git082c52f.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "cri-tools-0:1.27.0-3.2.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "ignition-0:2.16.2-2.2.rhaos4.14.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift-0:4.14.0-202404160939.p0.g7bee54d.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4-aws-iso-0:4.14.0-202404151639.p0.gd2acdd5.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift-ansible-0:4.14.0-202404151639.p0.g81558cc.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift-clients-0:4.14.0-202404151639.p0.gf7b14a9.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift-kuryr-0:4.14.0-202404151639.p0.g8926a29.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "ose-aws-ecr-image-credential-provider-0:4.14.0-202404151639.p0.g607e2dd.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "podman-3:4.4.1-11.4.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "runc-4:1.1.12-1.2.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-26T00:00:00Z", "advisory" : "RHSA-2024:1897", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "skopeo-2:1.11.2-10.4.rhaos4.14.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-04-03T00:00:00Z", "advisory" : "RHSA-2024:1566", "cpe" : "cpe:/a:redhat:openshift:4.14::el9", "package" : "microshift-0:4.14.19-202403280926.p0.gc1f8861.assembly.4.14.19.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-08-07T00:00:00Z", "advisory" : "RHSA-2024:4960", "cpe" : "cpe:/a:redhat:openshift:4.14::el9", "package" : "rhcos-414.92.202407300859-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "buildah-1:1.29.1-20.3.rhaos4.15.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "butane-0:0.20.0-1.1.rhaos4.15.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "containernetworking-plugins-1:1.4.0-1.2.rhaos4.15.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "cri-o-0:1.28.4-8.rhaos4.15.git24f50b9.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "cri-tools-0:1.28.0-3.1.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "ignition-0:2.16.2-2.1.rhaos4.15.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift-clients-0:4.15.0-202403211240.p0.g62c4d45.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "ose-aws-ecr-image-credential-provider-0:4.15.0-202403211549.p0.g2e3cca1.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "podman-3:4.4.1-21.1.rhaos4.15.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "runc-4:1.1.12-1.1.rhaos4.15.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1563", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "skopeo-2:1.11.2-21.2.rhaos4.15.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-04-02T00:00:00Z", "advisory" : "RHSA-2024:1561", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "microshift-0:4.15.6-202403280951.p0.g94b1c2a.assembly.4.15.6.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-07-25T00:00:00Z", "advisory" : "RHSA-2024:4699", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "rhcos-415.92.202407191425-0" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2024-05-23T00:00:00Z", "advisory" : "RHSA-2024:3352", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "etcd-0:3.3.23-16.el8ost" }, { "product_name" : "Red Hat OpenStack Platform 17.1 for RHEL 8", "release_date" : "2024-05-22T00:00:00Z", "advisory" : "RHSA-2024:2767", "cpe" : "cpe:/a:redhat:openstack:17.1::el8", "package" : "collectd-sensubility-0:0.2.1-3.el8ost" }, { "product_name" : "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date" : "2024-05-22T00:00:00Z", "advisory" : "RHSA-2024:2729", "cpe" : "cpe:/a:redhat:openstack:17.1::el9", "package" : "etcd-0:3.4.26-8.el9ost" }, { "product_name" : "Red Hat OpenStack Platform 17.1 for RHEL 9", "release_date" : "2024-05-22T00:00:00Z", "advisory" : "RHSA-2024:2730", "cpe" : "cpe:/a:redhat:openstack:17.1::el9", "package" : "collectd-sensubility-0:0.2.1-3.el9ost" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2024-07-17T00:00:00Z", "advisory" : "RHSA-2024:4591", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/mcg-operator-bundle:v4.16.0-137" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2024-07-17T00:00:00Z", "advisory" : "RHSA-2024:4591", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/mcg-rhel9-operator:v4.16.0-38" } ], "package_state" : [ { "product_name" : "NBDE Tang Server", "fix_state" : "Will not fix", "package_name" : "tang-operator-bundle-container", "cpe" : "cpe:/a:redhat:network_bound_disk_encryption_tang:1" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Will not fix", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Not affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "openshift-serverless-clients", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat Ansible Automation Platform 1.2", "fix_state" : "Will not fix", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ansible_automation_platform" }, { "product_name" : "Red Hat Ansible Automation Platform 1.2", "fix_state" : "Will not fix", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:ansible_automation_platform" }, { "product_name" : "Red Hat Certification for Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "redhat-certification-preflight", "cpe" : "cpe:/a:redhat:certifications:1::el8" }, { "product_name" : "Red Hat Certification Program for Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "redhat-certification-preflight", "cpe" : "cpe:/a:redhat:certifications:9" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "host-metering", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "rhc-worker-script", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:4.0/buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:4.0/conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:4.0/containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:4.0/podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:4.0/runc", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:4.0/skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "container-tools:4.0/toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "conmon-rs", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "golang-github-prometheus-promu", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "lifecycle-agent-operator-bundle-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Out of support scope", "package_name" : "openshift4/bare-metal-event-relay-operator-bundle", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/numaresources-operator-bundle", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-cluster-machine-approver", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Out of support scope", "package_name" : "mcg", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/machineexec-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/gitops-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Affected", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "kubevirt", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.1", "fix_state" : "Out of support scope", "package_name" : "etcd", "cpe" : "cpe:/a:redhat:openstack:16.1" }, { "product_name" : "Red Hat OpenStack Platform 16.1", "fix_state" : "Will not fix", "package_name" : "golang-qpid-apache", "cpe" : "cpe:/a:redhat:openstack:16.1" }, { "product_name" : "Red Hat OpenStack Platform 16.1", "fix_state" : "Not affected", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:openstack:16.1" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "golang-qpid-apache", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Affected", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Will not fix", "package_name" : "golang-qpid-apache", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Will not fix", "package_name" : "etcd", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Service Interconnect 1", "fix_state" : "Will not fix", "package_name" : "qpid-proton", "cpe" : "cpe:/a:redhat:service_interconnect:1" }, { "product_name" : "Red Hat Service Interconnect 1", "fix_state" : "Affected", "package_name" : "skupper-cli", "cpe" : "cpe:/a:redhat:service_interconnect:1" }, { "product_name" : "Red Hat Service Interconnect 1", "fix_state" : "Will not fix", "package_name" : "skupper-router", "cpe" : "cpe:/a:redhat:service_interconnect:1" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Not affected", "package_name" : "rh-git227-git-lfs", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Out of support scope", "package_name" : "heketi", "cpe" : "cpe:/a:redhat:storage:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-1394\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1394\nhttps://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136\nhttps://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6\nhttps://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f\nhttps://pkg.go.dev/vuln/GO-2024-2660\nhttps://vuln.go.dev/ID/GO-2024-2660.json" ], "name" : "CVE-2024-1394", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }