VDB

RHSA-2021%3A3598

RHSA-2021%3A3598 PUBLISHED CVSS 7.5 HIGH

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Red Hatcontainer-native-virtualization/vm-import-operator-rhel8@sha256:ec39e0dc1c3d6c0912b1da5b9dc36682a5a702cd64978ec6d0b34651942944ca_amd64 as a component of CNV 4.8 for RHEL 8container-native-virtualization/vm-import-operator-rhel8@sha256:ec39e0dc1c3d6c0912b1da5b9dc36682a5a702cd64978ec6d0b34651942944ca_amd64
Red Hatcontainer-native-virtualization/vm-import-operator-rhel8@sha256:ec39e0dc1c3d6c0912b1da5b9dc36682a5a702cd64978ec6d0b34651942944ca_amd64 as a component of CNV 4.8 for RHEL 8container-native-virtualization/vm-import-operator-rhel8@sha256:ec39e0dc1c3d6c0912b1da5b9dc36682a5a702cd64978ec6d0b34651942944ca_amd64, *

Timeline

  • Sep 21, 2021 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 29, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›