VDB
RHSA-2021%3A3146
RHSA-2021%3A3146
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:7e7d2ee7951813e40decefd68e2a0a4dbcc32f81158de073340a2540f3e96441_amd64 as a component of RHACS 3.64 for RHEL 8 | advanced-cluster-security/rhacs-operator-bundle@sha256:7e7d2ee7951813e40decefd68e2a0a4dbcc32f81158de073340a2540f3e96441_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:edf1d4fec9c3b6651a2ba44741323a6abf5f5d891db27eba396c206a6bdbc31d_amd64 as a component of RHACS 3.64 for RHEL 8 | *, advanced-cluster-security/rhacs-rhel8-operator@sha256:edf1d4fec9c3b6651a2ba44741323a6abf5f5d891db27eba396c206a6bdbc31d_amd64 |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:edf1d4fec9c3b6651a2ba44741323a6abf5f5d891db27eba396c206a6bdbc31d_amd64 as a component of RHACS 3.64 for RHEL 8 | advanced-cluster-security/rhacs-rhel8-operator@sha256:edf1d4fec9c3b6651a2ba44741323a6abf5f5d891db27eba396c206a6bdbc31d_amd64 |
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:7e7d2ee7951813e40decefd68e2a0a4dbcc32f81158de073340a2540f3e96441_amd64 as a component of RHACS 3.64 for RHEL 8 | advanced-cluster-security/rhacs-operator-bundle@sha256:7e7d2ee7951813e40decefd68e2a0a4dbcc32f81158de073340a2540f3e96441_amd64 |
Timeline
- Aug 12, 2021 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2021:3146 advisory
- https://docs.openshift.com/acs/release_notes/364-release-notes.html advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1983596 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1989564 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1989570 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1989575 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3146.json advisory
- https://access.redhat.com/security/cve/CVE-2021-33195 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-33195 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-33195 advisory
- https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI advisory
- https://access.redhat.com/security/cve/CVE-2021-33197 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-33197 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-33197 advisory
- https://access.redhat.com/security/cve/CVE-2021-33198 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-33198 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-33198 advisory
- https://access.redhat.com/security/cve/CVE-2021-34558 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-34558 advisory
…and 3 more