VDB
RHSA-2020%3A5635
RHSA-2020%3A5635
PUBLISHED
CVSS 7.5 HIGH
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-sriov-operator-must-gather@sha256:b956d3e80fe624ad8b579b201df3a8379cb0017ecc9ae3798d962c95251f6851_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-sriov-operator-must-gather@sha256:b956d3e80fe624ad8b579b201df3a8379cb0017ecc9ae3798d962c95251f6851_amd64, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8@sha256:d23a6fbe3bc7527e44456ba9f7ba4366029be4bb600438dd3fc8e73518560679_s390x as a component of Red Hat OpenShift Container Platform 4.7 | *, openshift4/ose-clusterresourceoverride-rhel8@sha256:d23a6fbe3bc7527e44456ba9f7ba4366029be4bb600438dd3fc8e73518560679_s390x |
| Red Hat | openshift4/ose-sriov-operator-must-gather@sha256:893e4360886c67fce17809b773e21af3bb9d9cdc8843a12e8ae6fe0c1cd2b116_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | *, * |
| Red Hat | openshift4/ose-sriov-operator-must-gather@sha256:893e4360886c67fce17809b773e21af3bb9d9cdc8843a12e8ae6fe0c1cd2b116_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-sriov-network-operator@sha256:c0ad25032c27e5029f909002fbc9ff491d444ab0d684c25286497ec34b7af4b6_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-sriov-network-operator@sha256:c0ad25032c27e5029f909002fbc9ff491d444ab0d684c25286497ec34b7af4b6_ppc64le, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:d657a06df47a338ba52eb486a828d98d32fbee12ddd32400fcefff2a78bee457_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:d657a06df47a338ba52eb486a828d98d32fbee12ddd32400fcefff2a78bee457_amd64 |
| Red Hat | openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:534bdca3071ffef9772bfbb4886d46c4c7bcd5239063d5677c84cc80c4a460de_s390x as a component of Red Hat OpenShift Container Platform 4.7 | *, * |
| Red Hat | openshift4/ptp-must-gather-rhel8@sha256:cad71e1c88aed5c393c685daa1995d883783c074cf2c693386a9346b3bfafd2b_s390x as a component of Red Hat OpenShift Container Platform 4.7 | *, openshift4/ptp-must-gather-rhel8@sha256:cad71e1c88aed5c393c685daa1995d883783c074cf2c693386a9346b3bfafd2b_s390x |
| Red Hat | openshift4/network-tools-rhel8@sha256:7da622d049e86ce9438a0885ffd6139e4442b5de75227e017c5c343e8bca1759_s390x as a component of Red Hat OpenShift Container Platform 4.7 | *, openshift4/network-tools-rhel8@sha256:7da622d049e86ce9438a0885ffd6139e4442b5de75227e017c5c343e8bca1759_s390x |
| Red Hat | openshift4/ose-egress-router@sha256:2192a13995bd35a84d46c636e30d18356720d1db3dcd2516b56a6f0833f32744_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-egress-router@sha256:2192a13995bd35a84d46c636e30d18356720d1db3dcd2516b56a6f0833f32744_s390x |
| Red Hat | openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:dd4443504639563afb6b8d722ebb951ada3a7ed35934a30d34a51a1fbb6185dc_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | * |
| Red Hat | openshift4/ose-cluster-nfd-operator@sha256:61cf64ac93fa816fd847b6b77e1e7af7ef371cd9c22b5120a977774d68a38117_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | *, * |
| Red Hat | openshift4/ose-ptp-operator@sha256:d81dfc4a897abfd137c53b0a53b5bd12c1d87678531327ee0a8569e4c5853b51_s390x as a component of Red Hat OpenShift Container Platform 4.7 | *, openshift4/ose-ptp-operator@sha256:d81dfc4a897abfd137c53b0a53b5bd12c1d87678531327ee0a8569e4c5853b51_s390x |
| Red Hat | openshift4/ose-sriov-network-webhook@sha256:47e7d9ebfaa290f275d5958f4f2aacb7d546b096f2c4e9eecc9735c4cf7e6925_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-sriov-network-webhook@sha256:47e7d9ebfaa290f275d5958f4f2aacb7d546b096f2c4e9eecc9735c4cf7e6925_amd64, * |
| Red Hat | openshift4/kubernetes-nmstate-rhel8-operator@sha256:1e0a2fc1d5bb8926f88a60c56a1ded8c910b39af2e7b29ffff467adce5c866d6_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | *, * |
| Red Hat | openshift4/ose-local-storage-static-provisioner@sha256:2ba27a27c78ac54df2dbe4e2c7180c4f34097b414abb78a9597e36439bb1a1e2_ppc64le as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-local-storage-static-provisioner@sha256:2ba27a27c78ac54df2dbe4e2c7180c4f34097b414abb78a9597e36439bb1a1e2_ppc64le |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:569b6c2f23422db605b2a78e8e8d23a8ddf914ffb61e7c7efa049bb986511edc_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | *, * |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:243c97545745e7e65991f79ddd4d748ae7ce853cbf13ac72474749f469d705a9_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:243c97545745e7e65991f79ddd4d748ae7ce853cbf13ac72474749f469d705a9_s390x |
| Red Hat | openshift4/ose-leader-elector-rhel8@sha256:dcf24c8e543c271a2fcd70644dbc05fa3aa614a012ae6112903e136f0bbad6d0_amd64 as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-leader-elector-rhel8@sha256:dcf24c8e543c271a2fcd70644dbc05fa3aa614a012ae6112903e136f0bbad6d0_amd64 |
| Red Hat | openshift4/ose-sriov-network-webhook@sha256:9db9f125b9742a7f892d7623bcd3550b3f2a43179176969b5c28432b513371ec_s390x as a component of Red Hat OpenShift Container Platform 4.7 | openshift4/ose-sriov-network-webhook@sha256:9db9f125b9742a7f892d7623bcd3550b3f2a43179176969b5c28432b513371ec_s390x, * |
…and 238 more
Timeline
- Feb 24, 2021 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2020:5635 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1823765 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1838802 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1838845 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1841883 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1853652 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1868294 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1882310 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1890672 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1890741 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1897346 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1898373 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1900125 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1906129 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1908492 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1913837 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1914869 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1916010 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1921650 issue
…and 13 more