VDB
RHSA-2022%3A0191
RHSA-2022%3A0191
PUBLISHED
CVSS 5.900000095367432 MEDIUM
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 as a component of CNV 4.9 for RHEL 8 | *, container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 |
| Red Hat | container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64, container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 |
| Red Hat | container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64, container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 |
| Red Hat | container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 |
| Red Hat | container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 |
| Red Hat | container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 as a component of CNV 4.9 for RHEL 8 | *, container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 |
| Red Hat | container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64, container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 as a component of CNV 4.9 for RHEL 8 | *, container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 |
| Red Hat | container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 |
| Red Hat | container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64, container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 |
| Red Hat | container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64, container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 |
| Red Hat | container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 |
| Red Hat | container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 as a component of CNV 4.9 for RHEL 8 | *, container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 |
| Red Hat | container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 as a component of CNV 4.9 for RHEL 8 | * |
| Red Hat | container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 as a component of CNV 4.9 for RHEL 8 | *, container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 |
| Red Hat | container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64, container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 |
| Red Hat | container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64, * |
| Red Hat | container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 as a component of CNV 4.9 for RHEL 8 | container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64, * |
…and 52 more
Timeline
- Jan 19, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:0191 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1954505 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1958341 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1983596 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1989564 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1989570 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1989575 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1992961 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1995824 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2015279 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2018468 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2022895 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2026198 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2028154 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2030198 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2032853 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0191.json advisory
- https://access.redhat.com/security/cve/CVE-2021-31525 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-31525 advisory
…and 17 more