VDB

RHSA-2020%3A3087

RHSA-2020%3A3087 PUBLISHED CVSS 7.5 HIGH

A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatdistributed-tracing/jaeger-ingester-rhel7@sha256:5cff6ba93d6e5a8f6853b7a5469be451383a193e85bb0505b74c94f6e50cacd9_amd64 as a component of Red Hat OpenShift Jaeger 1.17*, *
Red Hatdistributed-tracing/jaeger-ingester-rhel7@sha256:5cff6ba93d6e5a8f6853b7a5469be451383a193e85bb0505b74c94f6e50cacd9_amd64 as a component of Red Hat OpenShift Jaeger 1.17distributed-tracing/jaeger-ingester-rhel7@sha256:5cff6ba93d6e5a8f6853b7a5469be451383a193e85bb0505b74c94f6e50cacd9_amd64
Red Hatdistributed-tracing/jaeger-all-in-one-rhel7@sha256:4fa3cf137dc82aea05cf970d795f6bedd213513a114b284339299eb008ad50ad_amd64 as a component of Red Hat OpenShift Jaeger 1.17distributed-tracing/jaeger-all-in-one-rhel7@sha256:4fa3cf137dc82aea05cf970d795f6bedd213513a114b284339299eb008ad50ad_amd64, *
Red Hatdistributed-tracing/jaeger-agent-rhel7@sha256:6d6dfb8843465fedfaa5bc73d8b1ef0fe7d39f3e0bcb95508277ecc5bee56a15_amd64 as a component of Red Hat OpenShift Jaeger 1.17distributed-tracing/jaeger-agent-rhel7@sha256:6d6dfb8843465fedfaa5bc73d8b1ef0fe7d39f3e0bcb95508277ecc5bee56a15_amd64
Red Hatdistributed-tracing/jaeger-query-rhel7@sha256:2a7f0915d6838ee858562a867fa57260df03704ee98b278839a731a42ace4db6_amd64 as a component of Red Hat OpenShift Jaeger 1.17*, distributed-tracing/jaeger-query-rhel7@sha256:2a7f0915d6838ee858562a867fa57260df03704ee98b278839a731a42ace4db6_amd64
Red Hatdistributed-tracing/jaeger-rhel7-operator@sha256:730e0015fdeab7b9ede059a1c685e003aa33463319690375c91daa22f2830428_amd64 as a component of Red Hat OpenShift Jaeger 1.17distributed-tracing/jaeger-rhel7-operator@sha256:730e0015fdeab7b9ede059a1c685e003aa33463319690375c91daa22f2830428_amd64
Red Hatdistributed-tracing/jaeger-agent-rhel7@sha256:6d6dfb8843465fedfaa5bc73d8b1ef0fe7d39f3e0bcb95508277ecc5bee56a15_amd64 as a component of Red Hat OpenShift Jaeger 1.17*, distributed-tracing/jaeger-agent-rhel7@sha256:6d6dfb8843465fedfaa5bc73d8b1ef0fe7d39f3e0bcb95508277ecc5bee56a15_amd64
Red Hatdistributed-tracing/jaeger-query-rhel7@sha256:2a7f0915d6838ee858562a867fa57260df03704ee98b278839a731a42ace4db6_amd64 as a component of Red Hat OpenShift Jaeger 1.17distributed-tracing/jaeger-query-rhel7@sha256:2a7f0915d6838ee858562a867fa57260df03704ee98b278839a731a42ace4db6_amd64
Red Hatdistributed-tracing/jaeger-all-in-one-rhel7@sha256:4fa3cf137dc82aea05cf970d795f6bedd213513a114b284339299eb008ad50ad_amd64 as a component of Red Hat OpenShift Jaeger 1.17distributed-tracing/jaeger-all-in-one-rhel7@sha256:4fa3cf137dc82aea05cf970d795f6bedd213513a114b284339299eb008ad50ad_amd64
Red Hatdistributed-tracing/jaeger-collector-rhel7@sha256:27be7095512eab0638ec5ec06670fd5404922884fc7bcbede92a320ab821ec09_amd64 as a component of Red Hat OpenShift Jaeger 1.17*, *
Red Hatdistributed-tracing/jaeger-collector-rhel7@sha256:27be7095512eab0638ec5ec06670fd5404922884fc7bcbede92a320ab821ec09_amd64 as a component of Red Hat OpenShift Jaeger 1.17*
Red Hatdistributed-tracing/jaeger-query-rhel7
Red Hatdistributed-tracing/jaeger-rhel7-operator@sha256:730e0015fdeab7b9ede059a1c685e003aa33463319690375c91daa22f2830428_amd64 as a component of Red Hat OpenShift Jaeger 1.17distributed-tracing/jaeger-rhel7-operator@sha256:730e0015fdeab7b9ede059a1c685e003aa33463319690375c91daa22f2830428_amd64, *

Timeline

  • Jul 22, 2020 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 4, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›