RHSA-2020:5149
PUBLISHED
CVSS 7.5 HIGH
A denial of service vulnerability was found in the golang.org/x/text library. A library or application is susceptible only if it uses one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte. If an attacker is able to supply specific characters or strings to the vulnerable application, this may trigger an infinite loop that consumes more memory, resulting in a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-serverless-1/kourier-control-rhel8@sha256:58cd8778349c972b353ffb7f3002a68e4ba6bad71b7c17b362bd83439f8a965b_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/kourier-control-rhel8@sha256:58cd8778349c972b353ffb7f3002a68e4ba6bad71b7c17b362bd83439f8a965b_amd64 |
| Red Hat | openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:855d7eec56b54f50965c992bc18a1afbcdf1daf5e0513503bf703de53131cddd_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/eventing-mtbroker-filter-rhel8@sha256:855d7eec56b54f50965c992bc18a1afbcdf1daf5e0513503bf703de53131cddd_amd64 |
| Red Hat | openshift-serverless-1/knative-rhel8-operator@sha256:3240a12f01ad882161271d1574e0f65abfa06f3e4f080e5b23bd4216dc62c1f1_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/knative-rhel8-operator@sha256:3240a12f01ad882161271d1574e0f65abfa06f3e4f080e5b23bd4216dc62c1f1_amd64, * |
| Red Hat | openshift-serverless-1/eventing-mtchannel-broker-rhel8@sha256:aa142fde5cef75a217f5ce9e48d81550ad41d887c2bd57b2cae3ef82b4ff85f9_amd64 as a component of Openshift Serverless 1.11 | *, * |
| Red Hat | openshift-serverless-1/serving-controller-rhel8@sha256:c2a5d1b0fb2d88c246829aff46702999e6c47c5d4d72769718c72906b68a85dc_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/serving-controller-rhel8@sha256:c2a5d1b0fb2d88c246829aff46702999e6c47c5d4d72769718c72906b68a85dc_amd64 |
| Red Hat | openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:ce65adf0b085be1498cd5cbaf257407d2bb006b21021bfc6b2a9bc098ced1a39_amd64 as a component of Openshift Serverless 1.11 | *, openshift-serverless-1/eventing-sugar-controller-rhel8@sha256:ce65adf0b085be1498cd5cbaf257407d2bb006b21021bfc6b2a9bc098ced1a39_amd64 |
| Red Hat | openshift-serverless-1/svls-must-gather-rhel8@sha256:7ae2a473ba0d39177175d647de95576405484ca0c4844d25a6ea887bf0c30477_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/svls-must-gather-rhel8@sha256:7ae2a473ba0d39177175d647de95576405484ca0c4844d25a6ea887bf0c30477_amd64, * |
| Red Hat | openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:30f8927c02c8c1f60e77a85653900c072cb20df8062ad5a784231b2dfd606f57_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8@sha256:30f8927c02c8c1f60e77a85653900c072cb20df8062ad5a784231b2dfd606f57_amd64 |
| Red Hat | openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:96cc3479579df33c38d64bd923c00b22157e995e6a0c067909398ad98eb64137_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/kn-cli-artifacts-rhel8@sha256:96cc3479579df33c38d64bd923c00b22157e995e6a0c067909398ad98eb64137_amd64 |
| Red Hat | openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:913b0faa0044367c6a799a85e7a019374ef893e0725633a9a0613191aa0acdd2_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:913b0faa0044367c6a799a85e7a019374ef893e0725633a9a0613191aa0acdd2_amd64 |
| Red Hat | openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:ad36e4c0090437423b6aedcd810c8081147f4bb97de39feba6e236054bd17a45_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/eventing-in-memory-channel-controller-rhel8@sha256:ad36e4c0090437423b6aedcd810c8081147f4bb97de39feba6e236054bd17a45_amd64 |
| Red Hat | openshift-serverless-1/serving-autoscaler-rhel8@sha256:eb3bcf8ee5743890db8924d723869867f33647c9f0ce689ebb7e13f8768b9267_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/serving-autoscaler-rhel8@sha256:eb3bcf8ee5743890db8924d723869867f33647c9f0ce689ebb7e13f8768b9267_amd64, * |
| Red Hat | openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:2cbc0c20433683576afa61a70202655faf2281c421f0450044757d4b1c9078b4_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/eventing-storage-version-migration-rhel8@sha256:2cbc0c20433683576afa61a70202655faf2281c421f0450044757d4b1c9078b4_amd64, * |
| Red Hat | openshift-serverless-1/eventing-webhook-rhel8@sha256:b5af285977dc8af83aa013fb5b3c71a7a1eb022b2d27aa949c733d483099a810_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/eventing-webhook-rhel8@sha256:b5af285977dc8af83aa013fb5b3c71a7a1eb022b2d27aa949c733d483099a810_amd64 |
| Red Hat | openshift-serverless-1/ingress-rhel8-operator@sha256:1e4f1a32bf697f0b0905ac6d2f990b0eb64e60c8bdc46f78ec5f94e533907e92_amd64 as a component of Openshift Serverless 1.11 | * |
| Red Hat | openshift-serverless-1/serverless-rhel8-operator@sha256:f39ddbf71cad46501520e0ca4f8424d9526bdf9a699fd8a2fb14331a90730ee5_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/serverless-rhel8-operator@sha256:f39ddbf71cad46501520e0ca4f8424d9526bdf9a699fd8a2fb14331a90730ee5_amd64 |
| Red Hat | openshift-serverless-1/serving-autoscaler-rhel8@sha256:eb3bcf8ee5743890db8924d723869867f33647c9f0ce689ebb7e13f8768b9267_amd64 as a component of Openshift Serverless 1.11 | openshift-serverless-1/serving-autoscaler-rhel8@sha256:eb3bcf8ee5743890db8924d723869867f33647c9f0ce689ebb7e13f8768b9267_amd64 |
| Red Hat | openshift-serverless-1/serving-autoscaler-hpa-rhel8@sha256:ca5a50fbcb4c981de9bea8449961b42d94e5d8cfe9638b2afce895751a03c8f0_amd64 as a component of Openshift Serverless 1.11 | *, * |
| Red Hat | openshift-serverless-1/eventing-mtping-rhel8@sha256:77884d76bada6ea22c4e5c98a44e4efae764fc47794b1225bebb34a871727e64_amd64 as a component of Openshift Serverless 1.11 | * |
| Red Hat | openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:913b0faa0044367c6a799a85e7a019374ef893e0725633a9a0613191aa0acdd2_amd64 as a component of Openshift Serverless 1.11 | *, openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8@sha256:913b0faa0044367c6a799a85e7a019374ef893e0725633a9a0613191aa0acdd2_amd64 |
…and 34 more
Timeline
- Nov 18, 2020 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 4, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2020:5149 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1853652 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1889831 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1889833 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5149.json advisory
- https://access.redhat.com/security/cve/CVE-2020-14040 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-14040 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-14040 advisory
- https://github.com/golang/go/issues/39491 advisory
- https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0 advisory