VDB

RHSA-2022%3A0191

RHSA-2022%3A0191 PUBLISHED CVSS 5.900000095367432 MEDIUM

A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatcontainer-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64 as a component of CNV 4.9 for RHEL 8*, container-native-virtualization/virt-cdi-uploadproxy@sha256:b7fc7188e271e44cdf88ae6d580565c6759bf31ca36e99338aabcf165ad3805f_amd64
Red Hatcontainer-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64, container-native-virtualization/virt-controller@sha256:7b51d7a4e3d37d752e79756aa66b9837c93d227d81f11e7b4783c6a4e35ac879_amd64
Red Hatcontainer-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64, container-native-virtualization/kubevirt-ssp-operator@sha256:c4aeeab5efe48f05bcd50cca9b9a7e95bd7d4f91296923443bfd900b059924e2_amd64
Red Hatcontainer-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/virt-handler@sha256:028124044111d6e52d14d3bc611a113a1b5d61f850126bfc9c3f7ff518e6a4b7_amd64
Red Hatcontainer-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/vm-import-virtv2v-rhel8@sha256:a858f39514cabbfb121976ff37007cf8d5a26a547c126e12812a74cd781e8b42_amd64
Red Hatcontainer-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 as a component of CNV 4.9 for RHEL 8*, container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64
Red Hatcontainer-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64, container-native-virtualization/virt-artifacts-server@sha256:a5194b5d75b384c82c1e4f7f416c34e3f93b2832a6b5924ceea06101fa77a694_amd64
Red Hatcontainer-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64 as a component of CNV 4.9 for RHEL 8*, container-native-virtualization/virt-cdi-apiserver@sha256:d4e1d0b116ced42318d44314e1a0eaf51cadd9703942a35d6398c8d548a80dcd_amd64
Red Hatcontainer-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/virtio-win@sha256:bbeb74965b7fbc5423ebcda17d74c9cc6c516483203cc3b65bfce5e56afc0bc7_amd64
Red Hatcontainer-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64, container-native-virtualization/cnv-must-gather-rhel8@sha256:4eca00751ce23c805078a48f2368850987869b9be900f6bc6afac1c33e6974dc_amd64
Red Hatcontainer-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/virt-cdi-cloner@sha256:da542791321880d5f09a6bb789df070d26f5328b71dcf955be332eb17ab82fc5_amd64
Red Hatcontainer-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64, container-native-virtualization/node-maintenance-operator@sha256:4a04716d1c956d1d28b3da0e974dba1486a88c7d81f411f90942e70f690d98a7_amd64
Red Hatcontainer-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64
Red Hatcontainer-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 as a component of CNV 4.9 for RHEL 8*, container-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64
Red Hatcontainer-native-virtualization/kubevirt-template-validator@sha256:ecb2ff287bb14f664ddddf92e87e2d82a3f5dc97f329dd238983f6d1ddc05741_amd64 as a component of CNV 4.9 for RHEL 8*
Red Hatcontainer-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64 as a component of CNV 4.9 for RHEL 8*, container-native-virtualization/vm-import-controller-rhel8@sha256:6d71a63d32aef72b316cdd88adc8b2c1feec45fc010fbfdb25f14c70ceb710e5_amd64
Red Hatcontainer-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/ovs-cni-plugin@sha256:4c7cb72c17bb3b6e2ef82ed77e72ab5c9161b3df7bf9d7dfbc70c48a85b28a86_amd64
Red Hatcontainer-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64, container-native-virtualization/virt-cdi-importer@sha256:aea42e387b0feab73392cc22adade3fd0d53c7ff08a809dc5ceba7dad75a6215_amd64
Red Hatcontainer-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:51adcb63b1caadb271be8f1615d37f110abf0936a31098be7b94784accc84d1e_amd64, *
Red Hatcontainer-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64 as a component of CNV 4.9 for RHEL 8container-native-virtualization/kubevirt-v2v-conversion@sha256:145dfb7fec058ac3b3f3124c2360a70132d6e806c5684c9bf6da762957976628_amd64, *

…and 52 more

Timeline

  • Jan 19, 2022 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 29, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›