VDB
RHSA-2021%3A4104
RHSA-2021%3A4104
PUBLISHED
CVSS 8.600000381469727 HIGH
A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64, container-native-virtualization/kubevirt-template-validator@sha256:8d33c8d2d5fd949a860385fac4badc32f579bafd8fffa37554475340dbf5d2f5_amd64 |
| Red Hat | container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8ecc2e45d4a5f09c65ea0e343ddb0f30bb791e55de3b989b7850fb402c3c6b9f_amd64, * |
| Red Hat | container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64, container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64 |
| Red Hat | container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/hostpath-provisioner-rhel8@sha256:21140d9f28a488d18d789be2ed8c2cd8e475e30aa337bfebdcb3b6901557d1ac_amd64, * |
| Red Hat | container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64 as a component of CNV 4.9 for RHEL 8 | *, container-native-virtualization/virt-artifacts-server@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64, container-native-virtualization/virt-cdi-importer@sha256:648caeddba7e2ce0cc1688c2d8dee297931d1fe980701227ca6852750f7b74dc_amd64 |
| Red Hat | container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:4ab8d14a75e26afb8b63ed7253b93beafcd344be7729ed285c913e915dc43c2f_amd64 |
| Red Hat | container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/ovs-cni-marker@sha256:c98838f838720bca7054c7b5e3622718d44c27799f5266eaf792865091f885a3_amd64 |
| Red Hat | container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64 as a component of CNV 4.9 for RHEL 8 | *, container-native-virtualization/vm-import-operator-rhel8@sha256:5586c7c38b84a8195aa3cc59706d069c36a91a51ab8b53b0b0b6c13e5b19629a_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-cdi-uploadserver@sha256:1f821c2e1b1c04446792f5900e57b83c9a7adac6a0123486ebaecda33f4ab98d_amd64 |
| Red Hat | container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64 |
| Red Hat | container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64, container-native-virtualization/kubevirt-vmware@sha256:1f379e14ac3485ca5d7f1dbb2dbb626a642fe8b5ae699ba005d0b9a4ec7b3695_amd64 |
| Red Hat | container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64, container-native-virtualization/virt-api@sha256:b2a9fd906d366609674d7731f256c7bb40dfce62cbaf1a1c4271b3c65b11d750_amd64 |
| Red Hat | container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64, container-native-virtualization/hco-bundle-registry@sha256:2d7b4f8c04d4562029587c4b8e45d4b911ea4e3590c58bf2ecb2b7b238fd0778_amd64 |
| Red Hat | container-native-virtualization/kubevirt-ssp-operator@sha256:d3fd0c8f6c71af32e513d28f198bdfcbf60b717ff8c33683ce8441e46b18597e_amd64 as a component of CNV 4.9 for RHEL 8 | * |
| Red Hat | container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64, container-native-virtualization/hyperconverged-cluster-operator@sha256:62829517f9d288727e92023b07f734745d4cb033580b7047556d89297e7ff4e9_amd64 |
| Red Hat | container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-artifacts-server-rhel8@sha256:94394307fa2ebcb25f53a6b4866a98d182850b3f14173e4f6c795e9028939345_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-operator@sha256:1549e1e6f3f145cced51e7b7b0800103c2bf218300d4029ea3b11380e1249b1c_amd64 as a component of CNV 4.9 for RHEL 8 | * |
| Red Hat | container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64, container-native-virtualization/node-maintenance-operator@sha256:67708c4cf950afbfc43720d3ce09a15365e43a102c6174fb97401921d80b00ae_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-cdi-cloner@sha256:aedd7f690a2fd5ad2f2988c673f337fa96f235ebf40e20c55a77b29c73651df7_amd64 |
…and 56 more
Timeline
- Nov 2, 2021 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2021:4104 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1858777 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1891921 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1896469 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1903687 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1921650 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1933043 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1935219 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1942726 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1943164 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1945589 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1953481 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1953483 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1953484 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1955129 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1957852 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1958341 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1963963 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1965050 issue
…and 64 more