VDB

RHSA-2022%3A0056

RHSA-2022%3A0056 PUBLISHED CVSS 8.600000381469727 HIGH

A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-thanos-rhel8@sha256:6034eae2c4aa85a720ff3b14cee9a9d875b8cf14ac91deca4fb07e1b3891fcb8_arm64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-thanos-rhel8@sha256:6034eae2c4aa85a720ff3b14cee9a9d875b8cf14ac91deca4fb07e1b3891fcb8_arm64
Red Hatopenshift4/ose-openstack-cloud-controller-manager-rhel8@sha256:052c03d9c8583c985548f67f1ef5458542f75b269bd791fd2b0ff9b783f57ce3_arm64 as a component of Red Hat OpenShift Container Platform 4.10*
Red Hatopenshift4/ose-machine-api-operator@sha256:2412543e718877a5fdcb0760f4258fd4946c7332e26f1df8c3b53db1d9988800_ppc64le as a component of Red Hat OpenShift Container Platform 4.10*, openshift4/ose-machine-api-operator@sha256:2412543e718877a5fdcb0760f4258fd4946c7332e26f1df8c3b53db1d9988800_ppc64le
Red Hatopenshift4/ose-operator-lifecycle-manager@sha256:4f926cdc25f2174b443bad31d041e6e94e407caafcee5cc1cf0e09f2758b79a3_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-operator-lifecycle-manager@sha256:4f926cdc25f2174b443bad31d041e6e94e407caafcee5cc1cf0e09f2758b79a3_ppc64le, *
Red Hatopenshift4/ose-pod@sha256:2a1588ed0f99e238e284d4dff10f60d180c892941c8e4d95dce4684e8452ed43_s390x as a component of Red Hat OpenShift Container Platform 4.10*, openshift4/ose-pod@sha256:2a1588ed0f99e238e284d4dff10f60d180c892941c8e4d95dce4684e8452ed43_s390x
Red Hatopenshift4/ovirt-csi-driver-rhel8-operator@sha256:2a70a76b625a70ed277d1e18d7faffaebb4d2a2defbee41e8f210b01cad580ce_ppc64le as a component of Red Hat OpenShift Container Platform 4.10*
Red Hatopenshift4/ovirt-csi-driver-rhel8@sha256:9726662a05730643a09e80b101a4d44422486fbc0482402a346d289d587ca20f_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ovirt-csi-driver-rhel8@sha256:9726662a05730643a09e80b101a4d44422486fbc0482402a346d289d587ca20f_ppc64le
Red Hatopenshift4/ose-installer@sha256:465d123dafe0ba9c6d6e3787047962bc5158067bd9c77cf281f8ed46540a5573_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-installer@sha256:465d123dafe0ba9c6d6e3787047962bc5158067bd9c77cf281f8ed46540a5573_amd64
Red Hatopenshift4/ose-baremetal-machine-controllers@sha256:8042546d47876d9d481d1152209718678750872b135e6b1b1baa428d395a5ab2_ppc64le as a component of Red Hat OpenShift Container Platform 4.10*
Red Hatopenshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:83786a893d20d11556b1be5fb036556b2897e5d1f928f6c6dde57a2af0636cdc_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:83786a893d20d11556b1be5fb036556b2897e5d1f928f6c6dde57a2af0636cdc_amd64
Red Hatopenshift4/ose-libvirt-machine-controllers@sha256:436ad7fe557e9112bac7a61ed52c7fb267a29eac027cd6864dc3f6b685ca3fa5_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-libvirt-machine-controllers@sha256:436ad7fe557e9112bac7a61ed52c7fb267a29eac027cd6864dc3f6b685ca3fa5_ppc64le
Red Hatopenshift4/driver-toolkit-rhel8@sha256:8705564ee52c5b655529860687f73db78daef4eaa54f5fdd3160cfbfc4aac438_amd64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/driver-toolkit-rhel8@sha256:8705564ee52c5b655529860687f73db78daef4eaa54f5fdd3160cfbfc4aac438_amd64, *
Red Hatopenshift4/ose-cluster-authentication-operator@sha256:1c69749d21e0932f6f12ab0c5ab7a7c5607c56fd91f66a812c057b8a7d6da355_arm64 as a component of Red Hat OpenShift Container Platform 4.10*
Red Hatopenshift4/ose-machine-api-provider-openstack-rhel8@sha256:e655cb910633b71703ced9c3e0f6a7ba06a84bcfa56ddaef92390f0596e2ad11_arm64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-machine-api-provider-openstack-rhel8@sha256:e655cb910633b71703ced9c3e0f6a7ba06a84bcfa56ddaef92390f0596e2ad11_arm64, *
Red Hatopenshift4/ose-cluster-version-operator@sha256:181f7f1b64b1c791b85263085e030c55d892d9a06c43aeee1bcdec2ef6867d6c_arm64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-cluster-version-operator@sha256:181f7f1b64b1c791b85263085e030c55d892d9a06c43aeee1bcdec2ef6867d6c_arm64
Red Hatopenshift4/ose-openshift-controller-manager-rhel8@sha256:95f8f5a8af0cf11979fde95e72ad8540ef813a21332348a67d65ba6cca3f7e86_arm64 as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-openshift-controller-manager-rhel8@sha256:95f8f5a8af0cf11979fde95e72ad8540ef813a21332348a67d65ba6cca3f7e86_arm64, *
Red Hatopenshift4/ose-csi-external-attacher-rhel8@sha256:d5b38e9d7d62b8b686e9c7de2fc171d7722a2d2dfbe6ea381be9ed7bba082240_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-csi-external-attacher-rhel8@sha256:d5b38e9d7d62b8b686e9c7de2fc171d7722a2d2dfbe6ea381be9ed7bba082240_ppc64le
Red Hatopenshift4/ose-oauth-proxy@sha256:f144cbea694b31c7eff648892d3f59818d0edaa04ca276299fb968bf66470557_arm64 as a component of Red Hat OpenShift Container Platform 4.10*, openshift4/ose-oauth-proxy@sha256:f144cbea694b31c7eff648892d3f59818d0edaa04ca276299fb968bf66470557_arm64
Red Hatopenshift4/ose-service-ca-operator@sha256:40ef89a1bf348fdf359a27e129278323f3456130eb5bcc489e2d9f2d5c619c34_arm64 as a component of Red Hat OpenShift Container Platform 4.10*
Red Hatopenshift4/ose-jenkins@sha256:ccef3b2d2dc28fe903def5c33d367aae26d92c03ec8480d5c5f5dcfcd0800450_ppc64le as a component of Red Hat OpenShift Container Platform 4.10openshift4/ose-jenkins@sha256:ccef3b2d2dc28fe903def5c33d367aae26d92c03ec8480d5c5f5dcfcd0800450_ppc64le

…and 1068 more

Timeline

  • Mar 10, 2022 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›