VDB

RHSA-2020%3A5635

RHSA-2020%3A5635 PUBLISHED CVSS 7.5 HIGH

A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-sriov-operator-must-gather@sha256:b956d3e80fe624ad8b579b201df3a8379cb0017ecc9ae3798d962c95251f6851_amd64 as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-sriov-operator-must-gather@sha256:b956d3e80fe624ad8b579b201df3a8379cb0017ecc9ae3798d962c95251f6851_amd64, *
Red Hatopenshift4/ose-clusterresourceoverride-rhel8@sha256:d23a6fbe3bc7527e44456ba9f7ba4366029be4bb600438dd3fc8e73518560679_s390x as a component of Red Hat OpenShift Container Platform 4.7*, openshift4/ose-clusterresourceoverride-rhel8@sha256:d23a6fbe3bc7527e44456ba9f7ba4366029be4bb600438dd3fc8e73518560679_s390x
Red Hatopenshift4/ose-sriov-operator-must-gather@sha256:893e4360886c67fce17809b773e21af3bb9d9cdc8843a12e8ae6fe0c1cd2b116_ppc64le as a component of Red Hat OpenShift Container Platform 4.7*, *
Red Hatopenshift4/ose-sriov-operator-must-gather@sha256:893e4360886c67fce17809b773e21af3bb9d9cdc8843a12e8ae6fe0c1cd2b116_ppc64le as a component of Red Hat OpenShift Container Platform 4.7*
Red Hatopenshift4/ose-sriov-network-operator@sha256:c0ad25032c27e5029f909002fbc9ff491d444ab0d684c25286497ec34b7af4b6_ppc64le as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-sriov-network-operator@sha256:c0ad25032c27e5029f909002fbc9ff491d444ab0d684c25286497ec34b7af4b6_ppc64le, *
Red Hatopenshift4/ose-clusterresourceoverride-rhel8-operator@sha256:d657a06df47a338ba52eb486a828d98d32fbee12ddd32400fcefff2a78bee457_amd64 as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:d657a06df47a338ba52eb486a828d98d32fbee12ddd32400fcefff2a78bee457_amd64
Red Hatopenshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:534bdca3071ffef9772bfbb4886d46c4c7bcd5239063d5677c84cc80c4a460de_s390x as a component of Red Hat OpenShift Container Platform 4.7*, *
Red Hatopenshift4/ptp-must-gather-rhel8@sha256:cad71e1c88aed5c393c685daa1995d883783c074cf2c693386a9346b3bfafd2b_s390x as a component of Red Hat OpenShift Container Platform 4.7*, openshift4/ptp-must-gather-rhel8@sha256:cad71e1c88aed5c393c685daa1995d883783c074cf2c693386a9346b3bfafd2b_s390x
Red Hatopenshift4/network-tools-rhel8@sha256:7da622d049e86ce9438a0885ffd6139e4442b5de75227e017c5c343e8bca1759_s390x as a component of Red Hat OpenShift Container Platform 4.7*, openshift4/network-tools-rhel8@sha256:7da622d049e86ce9438a0885ffd6139e4442b5de75227e017c5c343e8bca1759_s390x
Red Hatopenshift4/ose-egress-router@sha256:2192a13995bd35a84d46c636e30d18356720d1db3dcd2516b56a6f0833f32744_s390x as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-egress-router@sha256:2192a13995bd35a84d46c636e30d18356720d1db3dcd2516b56a6f0833f32744_s390x
Red Hatopenshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:dd4443504639563afb6b8d722ebb951ada3a7ed35934a30d34a51a1fbb6185dc_amd64 as a component of Red Hat OpenShift Container Platform 4.7*
Red Hatopenshift4/ose-cluster-nfd-operator@sha256:61cf64ac93fa816fd847b6b77e1e7af7ef371cd9c22b5120a977774d68a38117_ppc64le as a component of Red Hat OpenShift Container Platform 4.7*, *
Red Hatopenshift4/ose-ptp-operator@sha256:d81dfc4a897abfd137c53b0a53b5bd12c1d87678531327ee0a8569e4c5853b51_s390x as a component of Red Hat OpenShift Container Platform 4.7*, openshift4/ose-ptp-operator@sha256:d81dfc4a897abfd137c53b0a53b5bd12c1d87678531327ee0a8569e4c5853b51_s390x
Red Hatopenshift4/ose-sriov-network-webhook@sha256:47e7d9ebfaa290f275d5958f4f2aacb7d546b096f2c4e9eecc9735c4cf7e6925_amd64 as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-sriov-network-webhook@sha256:47e7d9ebfaa290f275d5958f4f2aacb7d546b096f2c4e9eecc9735c4cf7e6925_amd64, *
Red Hatopenshift4/kubernetes-nmstate-rhel8-operator@sha256:1e0a2fc1d5bb8926f88a60c56a1ded8c910b39af2e7b29ffff467adce5c866d6_ppc64le as a component of Red Hat OpenShift Container Platform 4.7*, *
Red Hatopenshift4/ose-local-storage-static-provisioner@sha256:2ba27a27c78ac54df2dbe4e2c7180c4f34097b414abb78a9597e36439bb1a1e2_ppc64le as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-local-storage-static-provisioner@sha256:2ba27a27c78ac54df2dbe4e2c7180c4f34097b414abb78a9597e36439bb1a1e2_ppc64le
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8@sha256:569b6c2f23422db605b2a78e8e8d23a8ddf914ffb61e7c7efa049bb986511edc_amd64 as a component of Red Hat OpenShift Container Platform 4.7*, *
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8@sha256:243c97545745e7e65991f79ddd4d748ae7ce853cbf13ac72474749f469d705a9_s390x as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:243c97545745e7e65991f79ddd4d748ae7ce853cbf13ac72474749f469d705a9_s390x
Red Hatopenshift4/ose-leader-elector-rhel8@sha256:dcf24c8e543c271a2fcd70644dbc05fa3aa614a012ae6112903e136f0bbad6d0_amd64 as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-leader-elector-rhel8@sha256:dcf24c8e543c271a2fcd70644dbc05fa3aa614a012ae6112903e136f0bbad6d0_amd64
Red Hatopenshift4/ose-sriov-network-webhook@sha256:9db9f125b9742a7f892d7623bcd3550b3f2a43179176969b5c28432b513371ec_s390x as a component of Red Hat OpenShift Container Platform 4.7openshift4/ose-sriov-network-webhook@sha256:9db9f125b9742a7f892d7623bcd3550b3f2a43179176969b5c28432b513371ec_s390x, *

…and 238 more

Timeline

  • Feb 24, 2021 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›