{ "threat_severity" : "Important", "public_date" : "2025-11-13T21:29:39Z", "bugzilla" : { "description" : "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS", "id" : "2414943", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2414943" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.", "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process." ], "statement" : "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling—or intercepting—SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into “unreachable” code paths instead of being handled gracefully—making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.", "affected_release" : [ { "product_name" : "Red Hat Ceph Storage 7.1", "release_date" : "2026-02-17T00:00:00Z", "advisory" : "RHSA-2026:2769", "cpe" : "cpe:/a:redhat:ceph_storage:7.1::el8", "package" : "ceph-2:18.2.1-381.el8cp" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-01-12T00:00:00Z", "advisory" : "RHSA-2026:0436", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "buildah-2:1.41.8-1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-01-14T00:00:00Z", "advisory" : "RHSA-2026:0545", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "podman-7:5.6.0-11.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-03-19T00:00:00Z", "advisory" : "RHSA-2026:5167", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "podman-6:5.4.0-15.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0753", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8100020260114090145.afee755d" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2026-03-17T00:00:00Z", "advisory" : "RHSA-2026:4693", "cpe" : "cpe:/a:redhat:rhel_tus:8.8", "package" : "container-tools:rhel8-8080020260226135022.63b34585" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-03-17T00:00:00Z", "advisory" : "RHSA-2026:4693", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8", "package" : "container-tools:rhel8-8080020260226135022.63b34585" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-12T00:00:00Z", "advisory" : "RHSA-2026:0437", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "buildah-2:1.41.8-1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-01-12T00:00:00Z", "advisory" : "RHSA-2026:0470", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "podman-6:5.6.0-11.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-03-12T00:00:00Z", "advisory" : "RHSA-2026:4532", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "buildah-1:1.29.5-1.el9_2.2" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5222", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "podman-4:4.9.4-20.el9_4.1" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-01-26T00:00:00Z", "advisory" : "RHSA-2026:1084", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "podman-5:5.4.0-18.el9_6" }, { "product_name" : "DevWorkspace Operator 0.39", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2454", "cpe" : "cpe:/a:redhat:devworkspace:0.39::el9", "package" : "devworkspace/devworkspace-project-clone-rhel9:sha256:308fe34379ec88bb0c1bf3c74febb2be763276f1568ff9a9a0f1375deea7b5c6" }, { "product_name" : "DevWorkspace Operator 0.39", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2454", "cpe" : "cpe:/a:redhat:devworkspace:0.39::el9", "package" : "devworkspace/devworkspace-rhel9-operator:sha256:28f42d5cff1157425e469ff40e71c7d38de004b56edba5eb54b2bdc10d10b97c" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.15", "release_date" : "2026-01-13T00:00:00Z", "advisory" : "RHSA-2026:0527", "cpe" : "cpe:/a:redhat:acm:2.15::el9", "package" : "rhacm2/volsync-rhel9:sha256:087a7ad5462d1867c1b1fb18c3f20c8a3864aaa1bc5bc0a227efb6c862c9f851" }, { "product_name" : "Red Hat Ceph Storage 8", "release_date" : "2026-02-16T00:00:00Z", "advisory" : "RHSA-2026:2737", "cpe" : "cpe:/a:redhat:ceph_storage:8::el9", "package" : "rhceph/grafana-rhel9:sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23531", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9:sha256:1d1bbdfdffaa1006fc6169bea9bab72c804f03ad3c4264e504992afdf01f1908" }, { "product_name" : "Red Hat OpenShift AI 2.25", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23531", "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9", "package" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9:sha256:2af692f7b672b6206d7efcfe0179628b73d27da52b7ef1f6449a4e11b2bac19e" }, { "product_name" : "Red Hat OpenShift Builds 1.6.4", "release_date" : "2025-12-04T00:00:00Z", "advisory" : "RHSA-2025:22743", "cpe" : "cpe:/a:redhat:openshift_builds:1.6::el9", "package" : "openshift-builds/openshift-builds-controller-rhel9:sha256:395818192d16d4d5bd33c6858ed83162423258a2e96554f142f5e8695f47b909" }, { "product_name" : "Red Hat OpenShift Builds 1.6.4", "release_date" : "2025-12-04T00:00:00Z", "advisory" : "RHSA-2025:22743", "cpe" : "cpe:/a:redhat:openshift_builds:1.6::el9", "package" : "openshift-builds/openshift-builds-git-cloner-rhel9:sha256:288a32807d964dc2f5800dd659ac6f52e97056c6333714305a931027e9650d07" }, { "product_name" : "Red Hat OpenShift Builds 1.6.4", "release_date" : "2025-12-04T00:00:00Z", "advisory" : "RHSA-2025:22743", "cpe" : "cpe:/a:redhat:openshift_builds:1.6::el9", "package" : "openshift-builds/openshift-builds-image-bundler-rhel9:sha256:05877af25bdf805f858a8e7326074e9af79da5d8a78a9145e8eba8c9fd4200e7" }, { "product_name" : "Red Hat OpenShift Builds 1.6.4", "release_date" : "2025-12-04T00:00:00Z", "advisory" : "RHSA-2025:22743", "cpe" : "cpe:/a:redhat:openshift_builds:1.6::el9", "package" : "openshift-builds/openshift-builds-image-processing-rhel9:sha256:0b56507d8d8ac4474f1fdc66081d62005350a451b8b73ee1759acf996f7afac2" }, { "product_name" : "Red Hat OpenShift Builds 1.6.4", "release_date" : "2025-12-04T00:00:00Z", "advisory" : "RHSA-2025:22743", "cpe" : "cpe:/a:redhat:openshift_builds:1.6::el9", "package" : "openshift-builds/openshift-builds-waiters-rhel9:sha256:4639c8447a2d5f5717cd1c28e2bbceee31b8913f29fe6066916efa66573a4752" }, { "product_name" : "Red Hat OpenShift Builds 1.6.4", "release_date" : "2025-12-04T00:00:00Z", "advisory" : "RHSA-2025:22743", "cpe" : "cpe:/a:redhat:openshift_builds:1.6::el9", "package" : "openshift-builds/openshift-builds-webhook-rhel9:sha256:23dfb14441d8aa05ae61ed08a796fcd9289f3db9d1240334dfbc388fef31d757" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/cephcsi-rhel9:sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/cephcsi-rhel9-operator:sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/mcg-core-rhel9:sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/mcg-rhel9-operator:sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/ocs-client-console-rhel9:sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/ocs-client-rhel9-operator:sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/ocs-metrics-exporter-rhel9:sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/ocs-rhel9-operator:sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-cli-rhel9:sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-cloudnative-pg-rhel9-operator:sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-console-rhel9:sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-cosi-sidecar-rhel9:sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-csi-addons-rhel9-operator:sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-csi-addons-sidecar-rhel9:sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-external-snapshotter-rhel9-operator:sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-external-snapshotter-sidecar-rhel9:sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-multicluster-console-rhel9:sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-multicluster-rhel9-operator:sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-must-gather-rhel9:sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odf-rhel9-operator:sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/odr-rhel9-operator:sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726" }, { "product_name" : "Red Hat Openshift Data Foundation 4.2", "release_date" : "2026-04-02T00:00:00Z", "advisory" : "RHSA-2026:6503", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.20::el9", "package" : "odf4/rook-ceph-rhel9-operator:sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a" }, { "product_name" : "Red Hat OpenShift GitOps 1.17", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:1018", "cpe" : "cpe:/a:redhat:openshift_gitops:1.17::el8", "package" : "openshift-gitops-1/argocd-agent-rhel8:sha256:309b422848a3c58a2f6716b2ae7891fae31a2bee824dddf2206d3ee4d9c0e3be" }, { "product_name" : "Red Hat OpenShift GitOps 1.17", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:1018", "cpe" : "cpe:/a:redhat:openshift_gitops:1.17::el8", "package" : "openshift-gitops-1/argocd-rhel9:sha256:19ee8d67235801b83af21c52b92b0855e34f959700eb400d2db455a50b91f512" }, { "product_name" : "Red Hat OpenShift GitOps 1.18", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:1017", "cpe" : "cpe:/a:redhat:openshift_gitops:1.18::el8", "package" : "openshift-gitops-1/argocd-agent-rhel8:sha256:1ac33bdd539b1bf2033e27f3127badf1afd2d5fdeef9fd51f00feeffdd936f32" }, { "product_name" : "Red Hat OpenShift Pipelines 1.2", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3827", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.20::el9", "package" : "openshift-pipelines/pipelines-cli-tkn-rhel9:sha256:05d553e2c0d86956b32281aa6ae7ffa1948073f753889007f041eb2a72cbfa91" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3122", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "rhosp-rhel8/osp-director-agent:sha256:26005fbf7d5e2b62db9368a3ec4858c22c653e45abe328feda7dc26e3039b355" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3122", "cpe" : "cpe:/a:redhat:openstack:16.2::el8", "package" : "rhosp-rhel8/osp-director-operator:sha256:74254effff84e9bfe9bca9dcf1d1b9c1cccbe5e874fbd6c34c86c257670480d8" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "release_date" : "2025-12-09T00:00:00Z", "advisory" : "RHSA-2025:22955", "cpe" : "cpe:/a:redhat:openstack:17.1::el9", "package" : "rhosp-rhel9/osp-director-agent:sha256:a618bbff08e2c106afa08a7daf100b51ac7ae53fe932fa2611087df303cc79f0" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "release_date" : "2025-12-09T00:00:00Z", "advisory" : "RHSA-2025:22955", "cpe" : "cpe:/a:redhat:openstack:17.1::el9", "package" : "rhosp-rhel9/osp-director-operator:sha256:262d9d9ee1f5093a467168981f3bd952836ca227801acaca506cbcf496a38c8c" }, { "product_name" : "Red Hat Quay 3.1", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23064", "cpe" : "cpe:/a:redhat:quay:3.10::el8", "package" : "quay/quay-builder-rhel8:sha256:25567f02ee5b0640a12f76bfed9b889334363be402d9bdb14c8b7cc37feb6b28" }, { "product_name" : "Red Hat Quay 3.12", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23028", "cpe" : "cpe:/a:redhat:quay:3.12::el8", "package" : "quay/quay-builder-rhel8:sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189" }, { "product_name" : "Red Hat Quay 3.12", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23059", "cpe" : "cpe:/a:redhat:quay:3.12::el8", "package" : "quay/quay-builder-rhel8:sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189" }, { "product_name" : "Red Hat Quay 3.12", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23060", "cpe" : "cpe:/a:redhat:quay:3.12::el8", "package" : "quay/quay-builder-rhel8:sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189" }, { "product_name" : "Red Hat Quay 3.13", "release_date" : "2025-12-15T00:00:00Z", "advisory" : "RHSA-2025:23176", "cpe" : "cpe:/a:redhat:quay:3.13::el8", "package" : "quay/quay-builder-rhel8:sha256:0bb986d4f52cef09dd9a104660426a69d1f2c252b2f604758ae39a7cbaf7ee9b" }, { "product_name" : "Red Hat Quay 3.14", "release_date" : "2026-03-10T00:00:00Z", "advisory" : "RHSA-2026:4215", "cpe" : "cpe:/a:redhat:quay:3.14::el8", "package" : "quay/quay-rhel8:sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899" }, { "product_name" : "Red Hat Quay 3.15", "release_date" : "2026-02-04T00:00:00Z", "advisory" : "RHSA-2026:1942", "cpe" : "cpe:/a:redhat:quay:3.15::el8", "package" : "quay/quay-rhel8:sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23546", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-builder-rhel9:sha256:5f0df245dd2d0cdc6da5601305172300afe0dd706114b8c737b6a1517f931ff5" }, { "product_name" : "Red Hat Quay 3.9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23061", "cpe" : "cpe:/a:redhat:quay:3.9::el8", "package" : "quay/quay-builder-rhel8:sha256:118676c250f94b51d2484414190933c1d8fa61605cef0deff2aab6527f783d73" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.2", "release_date" : "2026-02-18T00:00:00Z", "advisory" : "RHSA-2026:2922", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.2::el9", "package" : "rhtas/gitsign-rhel9:sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.3", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2136", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9", "package" : "rhtas/gitsign-rhel9:sha256:3c39718e61d13648afcb5b0f5741aa771caf9b2f8c52e4af9dfa0635d5b05894" } ], "package_state" : [ { "product_name" : "External Secrets Operator for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "external-secrets-operator/external-secrets-rhel9", "cpe" : "cpe:/a:redhat:external_secrets_operator:1" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/cluster-image-set-controller-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/cluster-image-set-controller-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/hive-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Affected", "package_name" : "multicluster-engine/hive-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "ocp-tools-4/jenkins-agent-base-rhel9", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "ocp-tools-4/jenkins-rhel8", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "ocp-tools-4/jenkins-rhel9", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "openshift4/ose-jenkins", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "openshift-serverless-1/kn-plugin-func-func-util-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "openshift-serverless-clients", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "flightctl", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "rhacm2/acm-flightctl-api-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "rhacm2/acm-flightctl-periodic-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "rhacm2/acm-flightctl-worker-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multicluster-operators-subscription-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-slim-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "flightctl", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ceph Storage 6", "fix_state" : "Affected", "package_name" : "grafana", "cpe" : "cpe:/a:redhat:ceph_storage:6" }, { "product_name" : "Red Hat Ceph Storage 9", "fix_state" : "Affected", "package_name" : "grafana", "cpe" : "cpe:/a:redhat:ceph_storage:9" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "flightctl", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhacm2/acm-flightctl-api-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhacm2/acm-flightctl-periodic-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Will not fix", "package_name" : "rhacm2/acm-flightctl-worker-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-alert-exporter-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-alertmanager-proxy-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-api-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-cli-artifacts-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-db-setup-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-periodic-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-telemetry-gateway-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-userinfo-proxy-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-worker-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "golang", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "go-toolset:rhel8/golang", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "go-toolset:rhel8/go-toolset", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "golang", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Will not fix", "package_name" : "golang", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "microshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/oc-mirror-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/oc-mirror-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-baremetal-installer-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-baremetal-installer-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-docker-builder", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-docker-builder-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-dpu-cni-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-dpu-daemon-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-dpu-intel-ipu-p4sdk-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-dpu-intel-ipu-vsp-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-dpu-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-installer", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-installer-altinfra-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-installer-altinfra-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-installer-artifacts", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-installer-artifacts-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-installer-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-olm-rukpak-rhel8", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-olm-rukpak-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-tests", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-tests-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "ose-azure-acr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "podman", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/argocd-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/gitops-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/gitops-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/gitops-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/cluster-network-addons-operator", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/cluster-network-addons-operator-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/ocp-virt-validation-checkup-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/passt-network-binding-plugin-cni-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/passt-network-binding-plugin-sidecar-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/sidecar-shim-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-api", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-api-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-artifacts-server", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/virt-artifacts-server-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-controller", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-controller-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-exportproxy", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-exportproxy-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-exportserver", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-exportserver-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-handler", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-handler-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-launcher", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-launcher-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-operator", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-operator-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Not affected", "package_name" : "container-native-virtualization/virt-synchronization-controller-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "kubevirt", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Affected", "package_name" : "golang-googlecode-go-crypto", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel8/osp-director-operator-bundle", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "rhosp-rhel8-tech-preview/osp-director-provisioner", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Not affected", "package_name" : "rhosp-rhel9/osp-director-downloader", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "rhosp-rhel9/osp-director-downloader", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "rhosp-rhel9/osp-director-operator-bundle", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Not affected", "package_name" : "rhoso-operators/prometheus-podman-exporter-rhel9", "cpe" : "cpe:/a:redhat:openstack:18.0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-47913\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-47913\nhttps://github.com/advisories/GHSA-hcg3-q754-cr77\nhttps://go.dev/cl/700295\nhttps://go.dev/issue/75178\nhttps://pkg.go.dev/vuln/GO-2025-4116" ], "name" : "CVE-2025-47913", "mitigation" : { "value" : "No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.", "lang" : "en:us" }, "csaw" : false }